Plagegeister aller Art und deren Bekämpfung: Win Explorer keeps crashing under Win 7/cleansweep.exe? (Windows 7)
24.01.2011, 12:05 | #1 |
Hi, after I was on the internet yesterday and wanted to download something (pretty stupid, I know that myself), IE then kept popping up (I browse with FF myself). Clicking it away was still manageable, but then messages appeared saying that pages should be closed, and this morning that the WIN host files no longer work and have to be closed. Most recently, Windows Explorer has been crashing constantly. My AV software is antivirus, and it showed me quite a few things yesterday and today. I ran Trojan Remover over the system after HijackThis found nothing yesterday... Trojan Remover removed 3 things for me, and HijackThis now has the following log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:15, on 24.01.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\program files\avira\antivir desktop\avscan.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Piia - Muckelchen\Downloads\HiJackThis204.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
O4 - HKCU\..\Run: [{32A068F1-BA4F-03E6-B150-A98A13ED97A3}] "C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe"
O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 6451 bytes

I hope for quick help. Thanks in advance.
24.01.2011, 12:15 | #2 |
/// Malware-holic
What did Avira find? Log files.
Trojan Remover: log files. I need exact messages; "something" is not exactly sensible information. Where did you download what? Please send the link to me as a private message.
24.01.2011, 12:22 | #3 |
Antivir: Exportierte Ereignisse:

24.01.2011 12:19 [Guard] Malware gefunden In der Datei 'C:\Windows\Crahea.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.CodecPack.affe' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
24.01.2011 12:17 [Scanner] Malware gefunden Die Datei 'C:\Windows\Crahea.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.CodecPack.affe' [trojan]. Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei konnte nicht gelöscht werden!
24.01.2011 12:17 [Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 63 Anzahl Verzeichnisse: 0 Anzahl Malware: 2 Anzahl Fehler: 1
24.01.2011 12:17 [Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde abgebrochen!]. Anzahl Dateien: 261282 Anzahl Verzeichnisse: 4846 Anzahl Malware: 0 Anzahl Fehler: 2
24.01.2011 12:15 [Guard] Malware gefunden In der Datei 'C:\Windows\Crahea.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.CodecPack.affe' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
24.01.2011 11:36 [Scanner] Malware gefunden Die Datei 'C:\Windows\Crahea.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.CodecPack.affe' [trojan]. Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei konnte nicht gelöscht werden!
24.01.2011 11:36 [Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 62 Anzahl Verzeichnisse: 0 Anzahl Malware: 2 Anzahl Fehler: 1
24.01.2011 11:34 [Guard] Malware gefunden In der Datei 'C:\Windows\Crahea.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.CodecPack.affe' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
24.01.2011 11:34 [Guard] Malware gefunden In der Datei 'C:\Windows\Crahea.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.CodecPack.affe' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
24.01.2011 11:34 [Guard] Malware gefunden In der Datei 'C:\Windows\Crahea.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.CodecPack.affe' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
24.01.2011 11:20 [Updater] Update erfolgreich durchgeführt Update von Avira AntiVir Personal - Free Antivirus auf Computer AMILO (192.168.178.32) erfolgreich durchgeführt. Folgende Dateien wurden von hxxp://80.190.143.240/update aktualisiert: vbase031.vdf 7.11.1.223 aevdf.dat 7.11.1.223
24.01.2011 11:20 [Guard] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.02.04.150 VDF Version: 7.11.01.223
24.01.2011 11:18 [Planer] Auftrag gestartet Auftrag "startupd_job_ex" wurde erfolgreich gestartet.
24.01.2011 11:16 [Guard] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
24.01.2011 11:16 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 10.0.0.19
24.01.2011 11:15 [Guard] Dienst gestoppt Der Dienst wurde gestoppt.
24.01.2011 11:15 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
24.01.2011 11:09 [Guard] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
24.01.2011 11:09 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 10.0.0.19
23.01.2011 16:58 [Guard] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 16:58 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 10.0.0.19
23.01.2011 16:57 [Guard] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 16:57 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 16:48 [Guard] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 16:47 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 10.0.0.19
23.01.2011 16:46 [Guard] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 16:46 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 16:29 [Guard] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 16:29 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 10.0.0.19
23.01.2011 16:28 [Guard] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 16:28 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 15:33 [Guard] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 15:32 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 10.0.0.19
23.01.2011 15:31 [Guard] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 15:31 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 12:23 [Scanner] Malware gefunden Die Datei 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\tmp2d2cfd2a\hauptbild3.jpg' enthielt einen Virus oder unerwünschtes Programm 'HEUR/Crypted.E' [heuristic]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49d8b11b.qua' verschoben!
23.01.2011 12:23 [Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 64 Anzahl Verzeichnisse: 0 Anzahl Malware: 0 Anzahl Fehler: 0
23.01.2011 12:22 [Guard] Malware gefunden In der Datei 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\tmp2d2cfd2a\hauptbild3.jpg' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff verweigern
23.01.2011 12:22 [Guard] Malware gefunden In der Datei 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\tmp2d2cfd2a\hauptbild3.jpg' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff verweigern
23.01.2011 12:22 [Guard] Malware gefunden In der Datei 'C:\Users\Piia - Muckelchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRRV63N4\hauptbild3[1].jpg' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff erlauben
23.01.2011 12:22 [Guard] Malware gefunden In der Datei 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\tmp2d2cfd2a\hauptbild3.jpg' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff erlauben
23.01.2011 11:57 [Guard] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 10.0.1.56 Engine Version: 8.2.4.150 VDF Version: 7.11.1.216
23.01.2011 11:57 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 10.0.0.19
23.01.2011 11:56 [Guard] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 11:55 [Planer] Dienst gestoppt Der Dienst wurde gestoppt.
23.01.2011 11:38 [Scanner] Malware gefunden Die Datei 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\hoQAK.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '499da4b8.qua' verschoben!
23.01.2011 11:38 [Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 63 Anzahl Verzeichnisse: 0 Anzahl Malware: 1 Anzahl Fehler: 0
23.01.2011 11:36 [Guard] Malware gefunden In der Datei 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\hoQAK.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
23.01.2011 11:36 [Guard] Malware gefunden In der Datei 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\hoQAK.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
23.01.2011 11:36 [Guard] Malware gefunden In der Datei 'C:\Users\Piia - Muckelchen\AppData\Local\Temp\hoQAK.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben

trojan:

***** THE SYSTEM HAS BEEN RESTARTED *****
24.01.2011 11:16:58: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Device Detector] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[GoogleUpdate] - already deleted
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\[VIDC.ACDV] - already deleted
=======================================================
24.01.2011 11:16:58: Trojan Remover closed
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2595.
For information, email support@simplysup.com [Unregistered version] Scan started at: 11:13:20 24 Jan 2011 Using Database v7645 Operating System: Windows 7 Professional [Build: 6.1.7600] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Piia - Muckelchen\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges [Alerts will be shown on Malware files AND files not found] ************************************************************ ************************************************************ 11:13:20: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************************ 11:13:22: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: explorer.exe C:\Windows\explorer.exe 2614272 bytes Created: 20.12.2010 09:43 Modified: 31.10.2009 06:45 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\system32\userinit.exe 26112 bytes Created: 14.07.2009 00:34 Modified: 14.07.2009 02:14 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Apoint Value Data: C:\Program 
Files\Apoint2K\Apoint.exe C:\Program Files\Apoint2K\Apoint.exe 225280 bytes Created: 30.07.2009 04:33 Modified: 30.07.2009 04:33 Company: Alps Electric Co., Ltd. -------------------- Value Name: Adobe Reader Speed Launcher Value Data: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe 35736 bytes Created: 10.11.2010 12:49 Modified: 10.11.2010 12:49 Company: Adobe Systems Incorporated -------------------- Value Name: Adobe ARM Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 932288 bytes Created: 10.11.2010 12:49 Modified: 10.11.2010 12:49 Company: Adobe Systems Incorporated -------------------- Value Name: avgnt Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 281768 bytes Created: 20.12.2010 20:19 Modified: 13.12.2010 08:39 Company: Avira GmbH -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe" C:\Program Files\Common Files\Java\Java Update\jusched.exe 246504 bytes Created: 11.01.2010 15:21 Modified: 11.01.2010 15:21 Company: Sun Microsystems, Inc. 
-------------------- Value Name: AdobeAAMUpdater-1.0 Value Data: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 500208 bytes Created: 18.01.2011 13:49 Modified: 06.03.2010 03:44 Company: Adobe Systems Incorporated -------------------- Value Name: SwitchBoard Value Data: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 517096 bytes Created: 19.02.2010 13:37 Modified: 19.02.2010 13:37 Company: Adobe Systems Incorporated -------------------- Value Name: AdobeCS5ServiceManager Value Data: "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe 402432 bytes Created: 22.02.2010 04:57 Modified: 22.07.2010 22:10 Company: Adobe Systems Incorporated -------------------- Value Name: BCSSync Value Data: "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices C:\Program Files\Microsoft Office\Office14\BCSSync.exe 91520 bytes Created: 13.03.2010 14:54 Modified: 13.03.2010 14:54 Company: Microsoft Corporation -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: AnyDVD Value Data: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe 3124160 bytes Created: 11.11.2009 12:29 Modified: 11.11.2009 12:29 Company: SlySoft, Inc. 
-------------------- Value Name: Sony Ericsson PC Suite Value Data: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe 393216 bytes Created: 05.01.2011 10:41 Modified: 02.07.2008 16:16 Company: Sony Ericsson Mobile Communications AB -------------------- Value Name: GoogleUpdate Value Data: C:\Users\Piia - Muckelchen\Downloads\setup.exe C:\Users\Piia - Muckelchen\Downloads\setup.exe - this registry value has been removed [file not found to scan] -------------------- Value Name: JP595IR86O Value Data: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe 204288 bytes Created: 23.01.2011 11:36 Modified: 23.01.2011 11:36 Company: Adobe Flash Player -------------------- Value Name: {32A068F1-BA4F-03E6-B150-A98A13ED97A3} Value Data: "C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe" C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe 144896 bytes Created: 19.12.2010 19:08 Modified: 19.12.2010 19:08 Company: -------------------- Value Name: cleansweep.exe Value Data: C:\cleansweep.exe\cleansweep.exe C:\cleansweep.exe\cleansweep.exe 220672 bytes Created: 20.12.2010 09:39 Modified: 24.03.2010 07:37 Company: largez -------------------- Value Name: mute.exe Value Data: C:\mute\mute.exe C:\mute\mute.exe 168960 bytes Created: 20.12.2010 09:39 Modified: 24.03.2010 07:37 Company: -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 11:13:38: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} Value: Groove GFS Stub Execution Hook File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL 4222864 bytes Created: 25.03.2010 10:25 Modified: 25.03.2010 10:25 Company: Microsoft Corporation ---------- 
************************************************************ 11:13:38: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 11:13:38: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. ************************************************************ 11:13:38: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- ************************************************************ 11:13:39: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: StorSvc Path: %SystemRoot%\system32\storsvc.dll C:\Windows\system32\storsvc.dll 16384 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 02:16 Company: Microsoft Corporation -------------------- ************************************************************ 11:13:47: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AdobeActiveFileMonitor7.0 ImagePath: C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe 169312 bytes Created: 16.09.2008 12:03 Modified: 16.09.2008 12:03 Company: Adobe Systems Incorporated ---------- Key: amdsata ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys C:\Windows\system32\DRIVERS\amdsata.sys 79952 bytes Created: 10.06.2009 22:19 Modified: 14.07.2009 02:26 Company: Advanced Micro Devices ---------- Key: amdxata ImagePath: system32\DRIVERS\amdxata.sys C:\Windows\system32\DRIVERS\amdxata.sys 23616 bytes Created: 13.07.2009 23:09 Modified: 14.07.2009 02:26 Company: Advanced Micro Devices ---------- Key: AnyDVD ImagePath: System32\Drivers\AnyDVD.sys C:\Windows\System32\Drivers\AnyDVD.sys 104512 bytes Created: 11.11.2009 12:22 Modified: 11.11.2009 12:22 Company: SlySoft, Inc. 
---------- Key: atapi ImagePath: system32\DRIVERS\atapi.sys C:\Windows\system32\DRIVERS\atapi.sys 21584 bytes Created: 14.07.2009 00:11 Modified: 14.07.2009 02:26 Company: Microsoft Corporation ---------- Key: athur ImagePath: system32\DRIVERS\athur.sys C:\Windows\system32\DRIVERS\athur.sys 1500160 bytes Created: 05.01.2011 09:47 Modified: 05.01.2010 19:20 Company: Atheros Communications, Inc. ---------- Key: clr_optimization_v4.0.30319_32 ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 130384 bytes Created: 18.03.2010 13:16 Modified: 18.03.2010 13:16 Company: Microsoft Corporation ---------- Key: FLEXnet Licensing Service ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 867080 bytes Created: 20.12.2010 17:48 Modified: 20.12.2010 17:48 Company: Acresso Software Inc. ---------- Key: hwdatacard ImagePath: system32\DRIVERS\ewusbmdm.sys C:\Windows\system32\DRIVERS\ewusbmdm.sys 101760 bytes Created: 19.12.2010 18:34 Modified: 24.07.2008 12:03 Company: Huawei Technologies Co., Ltd. ---------- Key: iaStorV ImagePath: \SystemRoot\system32\DRIVERS\iaStorV.sys C:\Windows\system32\DRIVERS\iaStorV.sys 332352 bytes Created: 10.06.2009 22:19 Modified: 14.07.2009 02:20 Company: Intel Corporation ---------- Key: ISODrive ImagePath: \??\C:\Program Files\UltraISO\drivers\ISODrive.sys C:\Program Files\UltraISO\drivers\ISODrive.sys 82320 bytes Created: 25.12.2010 13:22 Modified: 29.01.2010 11:40 Company: EZB Systems, Inc. 
---------- Key: KMWDFILTERx86 ImagePath: system32\DRIVERS\KMWDFILTER.sys C:\Windows\system32\DRIVERS\KMWDFILTER.sys 25088 bytes Created: 29.04.2009 15:37 Modified: 29.04.2009 15:37 Company: Windows (R) Codename Longhorn DDK provider ---------- Key: Microsoft SharePoint Workspace Audit Service ImagePath: "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice C:\Program Files\Microsoft Office\Office14\GROOVE.EXE 30969208 bytes Created: 25.03.2010 10:25 Modified: 25.03.2010 10:25 Company: Microsoft Corporation ---------- Key: msahci ImagePath: system32\DRIVERS\msahci.sys C:\Windows\system32\DRIVERS\msahci.sys 27712 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 02:20 Company: Microsoft Corporation ---------- Key: NVENETFD ImagePath: system32\DRIVERS\nvm62x32.sys C:\Windows\system32\DRIVERS\nvm62x32.sys 347264 bytes Created: 10.06.2009 22:18 Modified: 13.07.2009 23:02 Company: NVIDIA Corporation ---------- Key: osppsvc ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4640000 bytes Created: 09.01.2010 21:37 Modified: 09.01.2010 21:37 Company: Microsoft Corporation ---------- Key: s0017bus ImagePath: system32\DRIVERS\s0017bus.sys C:\Windows\system32\DRIVERS\s0017bus.sys 90536 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation ---------- Key: s0017mdfl ImagePath: system32\DRIVERS\s0017mdfl.sys C:\Windows\system32\DRIVERS\s0017mdfl.sys 15016 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation ---------- Key: s0017mdm ImagePath: system32\DRIVERS\s0017mdm.sys C:\Windows\system32\DRIVERS\s0017mdm.sys 122152 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation ---------- Key: s0017mgmt ImagePath: system32\DRIVERS\s0017mgmt.sys C:\Windows\system32\DRIVERS\s0017mgmt.sys 115496 bytes Created: 05.01.2011 10:41 
Modified: 27.05.2008 11:41 Company: MCCI Corporation ---------- Key: s0017nd5 ImagePath: system32\DRIVERS\s0017nd5.sys C:\Windows\system32\DRIVERS\s0017nd5.sys 25768 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation ---------- Key: s0017obex ImagePath: system32\DRIVERS\s0017obex.sys C:\Windows\system32\DRIVERS\s0017obex.sys 111912 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation ---------- Key: s0017unic ImagePath: system32\DRIVERS\s0017unic.sys C:\Windows\system32\DRIVERS\s0017unic.sys 117672 bytes Created: 05.01.2011 10:41 Modified: 27.05.2008 11:41 Company: MCCI Corporation ---------- Key: Serenum ImagePath: \SystemRoot\system32\DRIVERS\serenum.sys C:\Windows\system32\DRIVERS\serenum.sys 17920 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 00:45 Company: Microsoft Corporation ---------- Key: Serial ImagePath: \SystemRoot\system32\DRIVERS\serial.sys C:\Windows\system32\DRIVERS\serial.sys 83456 bytes Created: 14.07.2009 00:45 Modified: 14.07.2009 00:45 Company: Microsoft Corporation ---------- Key: SIS163u ImagePath: system32\DRIVERS\sis163u.sys C:\Windows\system32\DRIVERS\sis163u.sys 218624 bytes Created: 07.05.2007 00:00 Modified: 07.05.2007 00:00 Company: Silicon Integrated Systems Corp. ---------- Key: SrvHsfHDA ImagePath: system32\DRIVERS\VSTAZL3.SYS C:\Windows\system32\DRIVERS\VSTAZL3.SYS 207360 bytes Created: 13.07.2009 23:13 Modified: 13.07.2009 23:13 Company: Conexant Systems, Inc. ---------- Key: SrvHsfWinac ImagePath: system32\DRIVERS\VSTCNXT3.SYS C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 661504 bytes Created: 13.07.2009 23:13 Modified: 13.07.2009 23:13 Company: Conexant Systems, Inc. 
----------
Key: Stereo Service
ImagePath: C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
369256 bytes
Created: 16.10.2010 11:46
Modified: 16.10.2010 11:46
Company: NVIDIA Corporation
----------
Key: SwitchBoard
ImagePath: "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
517096 bytes
Created: 19.02.2010 13:37
Modified: 19.02.2010 13:37
Company: Adobe Systems Incorporated
----------
Key: TeamViewer6
ImagePath: C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
2222376 bytes
Created: 19.12.2010 19:28
Modified: 30.11.2010 18:08
Company: TeamViewer GmbH
----------
Key: vwififlt
ImagePath: system32\DRIVERS\vwififlt.sys
C:\Windows\system32\DRIVERS\vwififlt.sys
48128 bytes
Created: 14.07.2009 00:52
Modified: 14.07.2009 00:52
Company: Microsoft Corporation
----------
Key: Wd
ImagePath: system32\DRIVERS\wd.sys
C:\Windows\system32\DRIVERS\wd.sys
19024 bytes
Created: 14.07.2009 00:11
Modified: 14.07.2009 02:19
Company: Microsoft Corporation
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys
34944 bytes
Created: 14.07.2009 00:51
Modified: 14.07.2009 00:51
Company: Microsoft Corporation
----------
************************************************************
11:14:12: Scanning -----VXD ENTRIES-----
************************************************************
11:14:12: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]
************************************************************
11:14:12: Scanning ----- CONTEXTMENUHANDLERS -----
Key: XXX Groove GFS Context Menu Handler XXX
CLSID: {6C467336-8281-4E60-8204-430CED96822D}
Path: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
4222864 bytes
Created: 25.03.2010 10:25
Modified: 25.03.2010 10:25
Company: Microsoft Corporation
----------
************************************************************
11:14:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
397824 bytes
Created: 15.12.2009 18:05
Modified: 15.12.2009 18:05
Company: OpenOffice.org
----------
************************************************************
11:14:15: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO: C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
561552 bytes
Created: 28.02.2010 02:20
Modified: 28.02.2010 02:20
Company: Microsoft Corporation
----------
************************************************************
11:14:16: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
11:14:16: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan
************************************************************
11:14:16: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
11:14:16: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
11:14:17: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
11:14:17: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.07.2009 05:41
Modified: 14.07.2009 05:41
Company: [no info]
--------------------
************************************************************
11:14:18: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Piia - Muckelchen
[C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 19.12.2010 18:30
Modified: 21.12.2010 07:15
Company: [no info]
----------
OpenOffice.org 3.2.lnk - links to C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
384000 bytes
Created: 15.12.2009 11:30
Modified: 15.12.2009 11:30
Company: [no info]
----------
--------------------
************************************************************
11:14:19: Scanning ----- SCHEDULED TASKS -----
Taskname: {22116563-108C-42c0-A7CE-60161B75E508}
File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
204288 bytes
Created: 23.01.2011 11:36
Modified: 23.01.2011 11:36
Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 24.01.2011 11:46:00
Status: Ready
Creator: Piia - Muckelchen
Comments:
----------
Taskname: {62C40AA6-4406-467a-A5A5-DFDF1B559B7A}
File: C:\Windows\Crahea.exe
C:\Windows\Crahea.exe
201728 bytes
Created: 23.01.2011 11:37
Modified: 23.01.2011 11:36
Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 24.01.2011 11:43:00
Status: Running
Creator: Piia - Muckelchen
Comments:
----------
Taskname: {A5E2AE77-D229-48E5-B625-BF24A3DCE643}
File: C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Phone\Skype.exe
-R- 14944136 bytes
Created: 03.12.2010 16:46
Modified: 03.12.2010 16:46
Company: Skype Technologies S.A.
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: SkypeSetupLight
Comments:
----------
Taskname: {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}
File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe
195584 bytes
Created: 23.01.2011 11:36
Modified: 23.01.2011 11:36
Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 24.01.2011 11:52:00
Status: Ready
Creator: Piia - Muckelchen
Comments:
----------
Taskname: AdobeAAMUpdater-1.0-Amilo-Piia - Muckelchen
File: C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
500208 bytes
Created: 18.01.2011 13:49
Modified: 06.03.2010 03:44
Company: Adobe Systems Incorporated
Parameters: -mode=scheduled
Schedule: At 02:00:00 every day
Next Run Time: 25.01.2011 02:00:00
Status: Ready
Creator: Author Name
Comments:
----------
************************************************************
11:14:23: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: Groove Explorer Icon Overlay 1 (GFS Unread Stub)
CLSID: {99FD978C-D287-4F50-827F-B2C658EDA8E7}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 2 (GFS Stub)
CLSID: {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
CLSID: {920E6DB1-9907-4370-B3A0-BAFC03D81399}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 3 (GFS Folder)
CLSID: {16F3DD56-1AF5-4347-846D-7C10C4192619}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 4 (GFS Unread Mark)
CLSID: {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\system32\ntshrui.dll
442880 bytes
Created: 14.07.2009 00:41
Modified: 14.07.2009 02:16
Company: Microsoft Corporation
----------
************************************************************
11:14:25: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.ACDV
File: ACDV.dll
ACDV.dll - this registry value has been removed [file not found to scan]
----------
************************************************************
11:14:35: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
1720427 bytes
Created: 19.12.2010 18:30
Modified: 03.01.2011 11:25
Company: [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
11:14:37: Scanning ----- RUNNING PROCESSES -----
C:\Windows\system32\taskeng.exe
192000 bytes
Created: 20.12.2010 10:00
Modified: 02.11.2010 05:34
Company: Microsoft Corporation
--------------------
C:\Windows\system32\Dwm.exe
92672 bytes
Created: 14.07.2009 00:24
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Windows\Crahea.exe - file already scanned
--------------------
C:\Program Files\Apoint2K\Apoint.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - file already scanned
--------------------
C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanned
--------------------
C:\Program Files\Apoint2K\ApMsgFwd.exe
42280 bytes
Created: 16.07.2009 00:42
Modified: 16.07.2009 00:42
Company: Alps Electric Co., Ltd.
--------------------
C:\Program Files\Apoint2K\Apntex.exe
49152 bytes
Created: 31.01.2009 09:15
Modified: 31.01.2009 09:15
Company: Alps Electric Co., Ltd.
--------------------
C:\Program Files\OpenOffice.org 3\program\soffice.bin
7418368 bytes
Created: 02.02.2010 00:15
Modified: 02.02.2010 00:15
Company: OpenOffice.org
--------------------
C:\Windows\system32\taskmgr.exe
227328 bytes
Created: 14.07.2009 00:20
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wuauclt.exe
47104 bytes
Created: 14.07.2009 01:14
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 3687344
[This is a Trojan Remover component]
--------------------
C:\Windows\system32\SearchFilterHost.exe
86528 bytes
Created: 14.07.2009 01:13
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\SearchProtocolHost.exe
164352 bytes
Created: 14.07.2009 01:14
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Windows\explorer.exe - file already scanned
--------------------
C:\Windows\system32\WerFault.exe
360448 bytes
Created: 14.07.2009 00:27
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
************************************************************
11:14:41: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 11:14:42 24 Jan 2011
Total Scan time: 00:01:21
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
24.01.2011 11:14:47: restart commenced
************************************************************
======================================
[INCOMPLETE SCAN LOG RECOVERED]
======================================
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2595. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 11:11:53 24 Jan 2011
Using Database v7645
Operating System: Windows 7 Professional [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Piia - Muckelchen\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
************************************************************
11:11:54: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
11:11:56: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2614272 bytes
Created: 20.12.2010 09:43
Modified: 31.10.2009 06:45
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
26112 bytes
Created: 14.07.2009 00:34
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Apoint
Value Data: C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apoint.exe
225280 bytes
Created: 30.07.2009 04:33
Modified: 30.07.2009 04:33
Company: Alps Electric Co., Ltd.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
35736 bytes
Created: 10.11.2010 12:49
Modified: 10.11.2010 12:49
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
932288 bytes
Created: 10.11.2010 12:49
Modified: 10.11.2010 12:49
Company: Adobe Systems Incorporated
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
281768 bytes
Created: 20.12.2010 20:19
Modified: 13.12.2010 08:39
Company: Avira GmbH
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
C:\Program Files\Common Files\Java\Java Update\jusched.exe
246504 bytes
Created: 11.01.2010 15:21
Modified: 11.01.2010 15:21
Company: Sun Microsystems, Inc.
--------------------
Value Name: AdobeAAMUpdater-1.0
Value Data: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
500208 bytes
Created: 18.01.2011 13:49
Modified: 06.03.2010 03:44
Company: Adobe Systems Incorporated
--------------------
Value Name: SwitchBoard
Value Data: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
517096 bytes
Created: 19.02.2010 13:37
Modified: 19.02.2010 13:37
Company: Adobe Systems Incorporated
--------------------
Value Name: AdobeCS5ServiceManager
Value Data: "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
402432 bytes
Created: 22.02.2010 04:57
Modified: 22.07.2010 22:10
Company: Adobe Systems Incorporated
--------------------
Value Name: BCSSync
Value Data: "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
C:\Program Files\Microsoft Office\Office14\BCSSync.exe
91520 bytes
Created: 13.03.2010 14:54
Modified: 13.03.2010 14:54
Company: Microsoft Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Device Detector
Value Data: DevDetect.exe -autorun
DevDetect.exe -autorun - this registry value has been removed [file not found to scan]
--------------------
Value Name: AnyDVD
Value Data: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
3124160 bytes
Created: 11.11.2009 12:29
Modified: 11.11.2009 12:29
Company: SlySoft, Inc.
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
393216 bytes
Created: 05.01.2011 10:41
Modified: 02.07.2008 16:16
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: GoogleUpdate
Value Data: C:\Users\Piia - Muckelchen\Downloads\setup.exe
ERROR: EStackOverflow calling [Unhandled] in procedure ScanForm.CommandOK: Stack overflow
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[INCOMPLETE SCAN LOG RECOVERED]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
======================================
[INCOMPLETE SCAN LOG RECOVERED]
======================================
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.2.2595. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 16:42:09 23 Jan 2011
Using Database v7645
Operating System: Windows 7 Professional [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Piia - Muckelchen\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on C:\ (including subdirectories)
Archive files will be EXCLUDED.
------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[INCOMPLETE SCAN LOG RECOVERED]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2595. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 16:40:35 23 Jan 2011
Using Database v7645
Operating System: Windows 7 Professional [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Piia - Muckelchen\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
16:40:35: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
16:40:36: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2614272 bytes
Created: 20.12.2010 09:43
Modified: 31.10.2009 06:45
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
26112 bytes
Created: 14.07.2009 00:34
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Apoint
Value Data: C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apoint.exe
225280 bytes
Created: 30.07.2009 04:33
Modified: 30.07.2009 04:33
Company: Alps Electric Co., Ltd.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
35736 bytes
Created: 10.11.2010 12:49
Modified: 10.11.2010 12:49
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
932288 bytes
Created: 10.11.2010 12:49
Modified: 10.11.2010 12:49
Company: Adobe Systems Incorporated
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
281768 bytes
Created: 20.12.2010 20:19
Modified: 13.12.2010 08:39
Company: Avira GmbH
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
C:\Program Files\Common Files\Java\Java Update\jusched.exe
246504 bytes
Created: 11.01.2010 15:21
Modified: 11.01.2010 15:21
Company: Sun Microsystems, Inc.
--------------------
Value Name: AdobeAAMUpdater-1.0
Value Data: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
500208 bytes
Created: 18.01.2011 13:49
Modified: 06.03.2010 03:44
Company: Adobe Systems Incorporated
--------------------
Value Name: SwitchBoard
Value Data: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
517096 bytes
Created: 19.02.2010 13:37
Modified: 19.02.2010 13:37
Company: Adobe Systems Incorporated
--------------------
Value Name: AdobeCS5ServiceManager
Value Data: "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
402432 bytes
Created: 22.02.2010 04:57
Modified: 22.07.2010 22:10
Company: Adobe Systems Incorporated
--------------------
Value Name: BCSSync
Value Data: "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
C:\Program Files\Microsoft Office\Office14\BCSSync.exe
91520 bytes
Created: 13.03.2010 14:54
Modified: 13.03.2010 14:54
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1167296 bytes
Created: 23.01.2011 16:24
Modified: 05.07.2010 12:49
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Device Detector
Value Data: DevDetect.exe -autorun
DevDetect.exe - [file not found to scan]
--------------------
Value Name: AnyDVD
Value Data: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
3124160 bytes
Created: 11.11.2009 12:29
Modified: 11.11.2009 12:29
Company: SlySoft, Inc.
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
393216 bytes
Created: 05.01.2011 10:41
Modified: 02.07.2008 16:16
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: GoogleUpdate
Value Data: C:\Users\Piia - Muckelchen\Downloads\setup.exe
C:\Users\Piia - Muckelchen\Downloads\setup.exe - [file not found to scan]
--------------------
Value Name: JP595IR86O
Value Data: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
204288 bytes
Created: 23.01.2011 11:36
Modified: 23.01.2011 11:36
Company: Adobe Flash Player
--------------------
Value Name: {32A068F1-BA4F-03E6-B150-A98A13ED97A3}
Value Data: "C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe"
C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe
144896 bytes
Created: 19.12.2010 19:08
Modified: 19.12.2010 19:08
Company:
--------------------
Value Name: cleansweep.exe
Value Data: C:\cleansweep.exe\cleansweep.exe
C:\cleansweep.exe\cleansweep.exe
220672 bytes
Created: 20.12.2010 09:39
Modified: 24.03.2010 07:37
Company: largez
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
16:40:43: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
4222864 bytes
Created: 25.03.2010 10:25
Modified: 25.03.2010 10:25
Company: Microsoft Corporation
----------
************************************************************
16:40:43: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
16:40:44: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
16:40:44: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
16:40:44: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: StorSvc
Path: %SystemRoot%\system32\storsvc.dll
C:\Windows\system32\storsvc.dll
16384 bytes
Created: 14.07.2009 00:45
Modified: 14.07.2009 02:16
Company: Microsoft Corporation
--------------------
************************************************************
16:40:46: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AdobeActiveFileMonitor7.0
ImagePath: C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
169312 bytes
Created: 16.09.2008 12:03
Modified: 16.09.2008 12:03
Company: Adobe Systems Incorporated
----------
Key: amdsata
ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys
C:\Windows\system32\DRIVERS\amdsata.sys
79952 bytes
Created: 10.06.2009 22:19
Modified: 14.07.2009 02:26
Company: Advanced Micro Devices
----------
Key: amdxata
ImagePath: system32\DRIVERS\amdxata.sys
C:\Windows\system32\DRIVERS\amdxata.sys
23616 bytes
Created: 13.07.2009 23:09
Modified: 14.07.2009 02:26
Company: Advanced Micro Devices
----------
Key: AnyDVD
ImagePath: System32\Drivers\AnyDVD.sys
C:\Windows\System32\Drivers\AnyDVD.sys
104512 bytes
Created: 11.11.2009 12:22
Modified: 11.11.2009 12:22
Company: SlySoft, Inc.
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\Windows\system32\DRIVERS\atapi.sys
21584 bytes
Created: 14.07.2009 00:11
Modified: 14.07.2009 02:26
Company: Microsoft Corporation
----------
Key: athur
ImagePath: system32\DRIVERS\athur.sys
C:\Windows\system32\DRIVERS\athur.sys
1500160 bytes
Created: 05.01.2011 09:47
Modified: 05.01.2010 19:20
Company: Atheros Communications, Inc.
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 18.03.2010 13:16
Modified: 18.03.2010 13:16
Company: Microsoft Corporation
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
867080 bytes
Created: 20.12.2010 17:48
Modified: 20.12.2010 17:48
Company: Acresso Software Inc.
----------
Key: hwdatacard
ImagePath: system32\DRIVERS\ewusbmdm.sys
C:\Windows\system32\DRIVERS\ewusbmdm.sys
101760 bytes
Created: 19.12.2010 18:34
Modified: 24.07.2008 12:03
Company: Huawei Technologies Co., Ltd.
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\DRIVERS\iaStorV.sys
C:\Windows\system32\DRIVERS\iaStorV.sys
332352 bytes
Created: 10.06.2009 22:19
Modified: 14.07.2009 02:20
Company: Intel Corporation
----------
Key: ISODrive
ImagePath: \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
C:\Program Files\UltraISO\drivers\ISODrive.sys
82320 bytes
Created: 25.12.2010 13:22
Modified: 29.01.2010 11:40
Company: EZB Systems, Inc.
----------
Key: KMWDFILTERx86
ImagePath: system32\DRIVERS\KMWDFILTER.sys
C:\Windows\system32\DRIVERS\KMWDFILTER.sys
25088 bytes
Created: 29.04.2009 15:37
Modified: 29.04.2009 15:37
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: Microsoft SharePoint Workspace Audit Service
ImagePath: "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
30969208 bytes
Created: 25.03.2010 10:25
Modified: 25.03.2010 10:25
Company: Microsoft Corporation
----------
Key: msahci
ImagePath: system32\DRIVERS\msahci.sys
C:\Windows\system32\DRIVERS\msahci.sys
27712 bytes
Created: 14.07.2009 00:45
Modified: 14.07.2009 02:20
Company: Microsoft Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\nvm62x32.sys
C:\Windows\system32\DRIVERS\nvm62x32.sys
347264 bytes
Created: 10.06.2009 22:18
Modified: 13.07.2009 23:02
Company: NVIDIA Corporation
----------
Key: osppsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4640000 bytes
Created: 09.01.2010 21:37
Modified: 09.01.2010 21:37
Company: Microsoft Corporation
----------
Key: s0017bus
ImagePath: system32\DRIVERS\s0017bus.sys
C:\Windows\system32\DRIVERS\s0017bus.sys
90536 bytes
Created: 05.01.2011 10:41
Modified: 27.05.2008 11:41
Company: MCCI Corporation
----------
Key: s0017mdfl
ImagePath: system32\DRIVERS\s0017mdfl.sys
C:\Windows\system32\DRIVERS\s0017mdfl.sys
15016 bytes
Created: 05.01.2011 10:41
Modified: 27.05.2008 11:41
Company: MCCI Corporation
----------
Key: s0017mdm
ImagePath: system32\DRIVERS\s0017mdm.sys
C:\Windows\system32\DRIVERS\s0017mdm.sys
122152 bytes
Created: 05.01.2011 10:41
Modified: 27.05.2008 11:41
Company: MCCI Corporation
----------
Key: s0017mgmt
ImagePath: system32\DRIVERS\s0017mgmt.sys
C:\Windows\system32\DRIVERS\s0017mgmt.sys
115496 bytes
Created: 05.01.2011 10:41
Modified: 27.05.2008 11:41
Company: MCCI Corporation
----------
Key: s0017nd5
ImagePath: system32\DRIVERS\s0017nd5.sys
C:\Windows\system32\DRIVERS\s0017nd5.sys
25768 bytes
Created: 05.01.2011 10:41
Modified: 27.05.2008 11:41
Company: MCCI Corporation
----------
Key: s0017obex
ImagePath: system32\DRIVERS\s0017obex.sys
C:\Windows\system32\DRIVERS\s0017obex.sys
111912 bytes
Created: 05.01.2011 10:41
Modified: 27.05.2008 11:41
Company: MCCI Corporation
----------
Key: s0017unic
ImagePath: system32\DRIVERS\s0017unic.sys
C:\Windows\system32\DRIVERS\s0017unic.sys
117672 bytes
Created: 05.01.2011 10:41
Modified: 27.05.2008 11:41
Company: MCCI Corporation
----------
Key: Serenum
ImagePath: \SystemRoot\system32\DRIVERS\serenum.sys
C:\Windows\system32\DRIVERS\serenum.sys
17920 bytes
Created: 14.07.2009 00:45
Modified: 14.07.2009 00:45
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\DRIVERS\serial.sys
C:\Windows\system32\DRIVERS\serial.sys
83456 bytes
Created: 14.07.2009 00:45
Modified: 14.07.2009 00:45
Company: Microsoft Corporation
----------
Key: SIS163u
ImagePath: system32\DRIVERS\sis163u.sys
C:\Windows\system32\DRIVERS\sis163u.sys
218624 bytes
Created: 07.05.2007 00:00
Modified: 07.05.2007 00:00
Company: Silicon Integrated Systems Corp.
----------
Key: SrvHsfHDA
ImagePath: system32\DRIVERS\VSTAZL3.SYS
C:\Windows\system32\DRIVERS\VSTAZL3.SYS
207360 bytes
Created: 13.07.2009 23:13
Modified: 13.07.2009 23:13
Company: Conexant Systems, Inc.
----------
Key: SrvHsfWinac
ImagePath: system32\DRIVERS\VSTCNXT3.SYS
C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
661504 bytes
Created: 13.07.2009 23:13
Modified: 13.07.2009 23:13
Company: Conexant Systems, Inc.
---------- Key: Stereo Service ImagePath: C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 369256 bytes Created: 16.10.2010 11:46 Modified: 16.10.2010 11:46 Company: NVIDIA Corporation ---------- Key: SwitchBoard ImagePath: "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 517096 bytes Created: 19.02.2010 13:37 Modified: 19.02.2010 13:37 Company: Adobe Systems Incorporated ---------- Key: TeamViewer6 ImagePath: C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe 2222376 bytes Created: 19.12.2010 19:28 Modified: 30.11.2010 18:08 Company: TeamViewer GmbH ---------- Key: vwififlt ImagePath: system32\DRIVERS\vwififlt.sys C:\Windows\system32\DRIVERS\vwififlt.sys 48128 bytes Created: 14.07.2009 00:52 Modified: 14.07.2009 00:52 Company: Microsoft Corporation ---------- Key: Wd ImagePath: system32\DRIVERS\wd.sys C:\Windows\system32\DRIVERS\wd.sys 19024 bytes Created: 14.07.2009 00:11 Modified: 14.07.2009 02:19 Company: Microsoft Corporation ---------- Key: WinUsb ImagePath: system32\DRIVERS\WinUsb.sys C:\Windows\system32\DRIVERS\WinUsb.sys 34944 bytes Created: 14.07.2009 00:51 Modified: 14.07.2009 00:51 Company: Microsoft Corporation ---------- ************************************************************ 16:41:11: Scanning -----VXD ENTRIES----- ************************************************************ 16:41:11: Scanning ----- WINLOGON\NOTIFY DLLS ----- No WINLOGON\NOTIFY DLLs found to scan Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 16:41:11: Scanning ----- CONTEXTMENUHANDLERS ----- Key: XXX Groove GFS Context Menu Handler XXX CLSID: {6C467336-8281-4E60-8204-430CED96822D} Path: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL 
4222864 bytes Created: 25.03.2010 10:25 Modified: 25.03.2010 10:25 Company: Microsoft Corporation ---------- ************************************************************ 16:41:11: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 397824 bytes Created: 15.12.2009 18:05 Modified: 15.12.2009 18:05 Company: OpenOffice.org ---------- ************************************************************ 16:41:12: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} BHO: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL 561552 bytes Created: 28.02.2010 02:20 Modified: 28.02.2010 02:20 Company: Microsoft Corporation ---------- ************************************************************ 16:41:12: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 16:41:13: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- No SharedTaskScheduler entries found to scan ************************************************************ 16:41:13: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************
16:41:13: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
16:41:14: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
16:41:14: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.07.2009 05:41
Modified: 14.07.2009 05:41
Company: [no info]
--------------------
************************************************************
16:41:15: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Piia - Muckelchen
[C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 19.12.2010 18:30
Modified: 21.12.2010 07:15
Company: [no info]
----------
OpenOffice.org 3.2.lnk - links to C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
384000 bytes
Created: 15.12.2009 11:30
Modified: 15.12.2009 11:30
Company: [no info]
----------
--------------------
************************************************************
16:41:16: Scanning ----- SCHEDULED TASKS -----
Taskname: {22116563-108C-42c0-A7CE-60161B75E508}
File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
204288 bytes
Created: 23.01.2011 11:36
Modified: 23.01.2011 11:36
Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 23.01.2011 16:52:00
Status: Ready
Creator: Piia - Muckelchen
Comments:
----------
Taskname: {62C40AA6-4406-467a-A5A5-DFDF1B559B7A}
File: C:\Windows\Crahea.exe
C:\Windows\Crahea.exe
201728 bytes
Created: 23.01.2011 11:37
Modified: 23.01.2011 11:36
Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 23.01.2011 17:36:00
Status: Running
Creator: Piia - Muckelchen
Comments:
----------
Taskname: {A5E2AE77-D229-48E5-B625-BF24A3DCE643}
File: C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Phone\Skype.exe
-R- 14944136 bytes
Created: 03.12.2010 16:46
Modified: 03.12.2010 16:46
Company: Skype Technologies S.A.
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: SkypeSetupLight
Comments:
----------
Taskname: {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}
File: C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe
195584 bytes
Created: 23.01.2011 11:36
Modified: 23.01.2011 11:36
Company: Adobe Flash Player
Schedule: Multiple schedule times
Next Run Time: 23.01.2011 17:02:00
Status: Ready
Creator: Piia - Muckelchen
Comments:
----------
Taskname: AdobeAAMUpdater-1.0-Amilo-Piia - Muckelchen
File: C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
500208 bytes
Created: 18.01.2011 13:49
Modified: 06.03.2010 03:44
Company: Adobe Systems Incorporated
Parameters: -mode=scheduled
Schedule: At 02:00:00 every day
Next Run Time: 24.01.2011 02:00:00
Status: Ready
Creator: Author Name
Comments:
----------
************************************************************
16:41:20: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: Groove Explorer Icon Overlay 1 (GFS Unread Stub)
CLSID: {99FD978C-D287-4F50-827F-B2C658EDA8E7}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 2 (GFS Stub)
CLSID: {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
CLSID: {920E6DB1-9907-4370-B3A0-BAFC03D81399}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 3 (GFS Folder)
CLSID: {16F3DD56-1AF5-4347-846D-7C10C4192619}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: Groove Explorer Icon Overlay 4 (GFS Unread Mark)
CLSID: {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\system32\ntshrui.dll
442880 bytes
Created: 14.07.2009 00:41
Modified: 14.07.2009 02:16
Company: Microsoft Corporation
----------
************************************************************
16:41:22: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.ACDV
File: ACDV.dll
ACDV.dll - [file not found to scan]
----------
************************************************************
16:41:22: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
1720427 bytes
Created: 19.12.2010 18:30
Modified: 03.01.2011 11:25
Company: [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
16:41:25: Scanning ----- RUNNING PROCESSES -----
C:\Windows\system32\Dwm.exe
92672 bytes
Created: 14.07.2009 00:24
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Windows\Explorer.EXE - file already scanned
--------------------
C:\Windows\system32\taskeng.exe
192000 bytes
Created: 20.12.2010 10:00
Modified: 02.11.2010 05:34
Company: Microsoft Corporation
--------------------
C:\Windows\system32\taskhost.exe
49152 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Windows\Crahea.exe - file already scanned
--------------------
C:\Program Files\Apoint2K\Apoint.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - file already scanned
--------------------
C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanned
--------------------
C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe
604496 bytes
Created: 06.04.2010 15:26
Modified: 06.04.2010 15:26
Company: ACD Systems International Inc.
--------------------
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe - file already scanned
--------------------
C:\Program Files\OpenOffice.org 3\program\soffice.exe
7424000 bytes
Created: 02.02.2010 00:15
Modified: 02.02.2010 00:15
Company: OpenOffice.org
--------------------
C:\Program Files\OpenOffice.org 3\program\soffice.bin
7418368 bytes
Created: 02.02.2010 00:15
Modified: 02.02.2010 00:15
Company: OpenOffice.org
--------------------
C:\Program Files\Apoint2K\ApMsgFwd.exe
42280 bytes
Created: 16.07.2009 00:42
Modified: 16.07.2009 00:42
Company: Alps Electric Co., Ltd.
--------------------
C:\Program Files\Apoint2K\Apntex.exe
49152 bytes
Created: 31.01.2009 09:15
Modified: 31.01.2009 09:15
Company: Alps Electric Co., Ltd.
--------------------
C:\Windows\system32\conhost.exe
271360 bytes
Created: 14.07.2009 00:25
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wuauclt.exe
47104 bytes
Created: 14.07.2009 01:14
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe - file already scanned
--------------------
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
490216 bytes
Created: 11.01.2010 15:21
Modified: 11.01.2010 15:21
Company: Sun Microsystems, Inc.
--------------------
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe - file already scanned
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 3687344
[This is a Trojan Remover component]
--------------------
C:\Windows\system32\SearchFilterHost.exe
86528 bytes
Created: 14.07.2009 01:13
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
************************************************************
16:41:31: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 16:41:32 23 Jan 2011
Total Scan time: 00:00:56
************************************************************ |
24.01.2011, 12:58 | #4 |
/// Malware-holic | Win Explorer keeps crashing under Win 7/cleansweep.exe?
System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry", select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports are created: OTL.Txt Extras.Txt
Post both
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us |
24.01.2011, 15:51 | #5 |
| Win Explorer keeps crashing under Win 7/cleansweep.exe?
OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 24.01.2011 15:46:11 - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Piia - Muckelchen\Desktop\MFTools
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 192,06 Gb Total Space | 63,90 Gb Free Space | 33,27% Space Free | Partition Type: NTFS
Drive D: | 94,03 Gb Total Space | 93,94 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

Computer Name: AMILO | User Name: Piia - Muckelchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Piia - Muckelchen\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe (Adobe Flash Player)
PRC - C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe (Adobe Flash Player)
PRC - C:\Windows\Crahea.exe (Adobe Flash Player)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)

========== Modules (SafeList) ==========

MOD - C:\Users\Piia - Muckelchen\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE () SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program 
Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe () SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) 
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) 
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys () DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.) 
========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll () IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll () IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 6B 6F 24 0A BB CB 01 [binary data]
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll ()
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.19 21:38:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.22 10:17:09 | 000,000,000 | ---D | M]
[2010.12.19 21:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia - Muckelchen\AppData\Roaming\mozilla\Extensions
[2010.12.19 21:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia - Muckelchen\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.12.19 21:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia - Muckelchen\AppData\Roaming\mozilla\Firefox\Profiles\2wqkc34e.default\extensions
[2011.01.24 11:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.12.19 21:38:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.12.20 10:56:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.12.22 10:17:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.12.03 20:43:34 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2010.12.03 20:43:34 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2010.12.22 10:16:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2010.12.03 20:43:34 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2010.11.10 12:49:36 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [{32A068F1-BA4F-03E6-B150-A98A13ED97A3}] C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe ()
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [{40ED5C22-FE26-5E04-1C5C-09ED42F49C41}] C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin\nuac.exe (Avira GmbH)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe ()
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe (largez)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [JP595IR86O] C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe (Adobe Flash Player)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [mute.exe] C:\mute\mute.exe ()
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll ()
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL ()
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll ()
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ()
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6aa9b93f-0b94-11e0-a503-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa9b93f-0b94-11e0-a503-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6aa9b97d-0b94-11e0-a503-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa9b97d-0b94-11e0-a503-00140b410566}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6aa9b986-0b94-11e0-a503-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa9b986-0b94-11e0-a503-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6aa9b98a-0b94-11e0-a503-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa9b98a-0b94-11e0-a503-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{79397e96-0c0e-11e0-9a9f-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{79397e96-0c0e-11e0-9a9f-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{79397e99-0c0e-11e0-9a9f-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{79397e99-0c0e-11e0-9a9f-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.24 12:14:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.24 12:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.24 12:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.01.24 12:10:43 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Malwarebytes
[2011.01.24 12:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.24 12:10:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.24 12:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.24 12:10:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.24 12:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.24 12:09:19 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\MFTools
[2011.01.23 16:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.01.23 16:25:39 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Documents\Simply Super Software
[2011.01.23 16:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.01.23 16:24:52 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.01.23 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.01.23 16:24:30 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software
[2011.01.23 16:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.01.23 12:22:04 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye
[2011.01.23 12:22:04 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Muwy
[2011.01.23 12:21:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.01.23 12:17:12 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Anthropics
[2011.01.23 12:14:50 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Avira
[2011.01.23 12:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portrait Professional Studio 9
[2011.01.23 12:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Portrait Professional Studio 9
[2011.01.23 11:37:04 | 000,201,728 | ---- | C] (Adobe Flash Player) -- C:\Windows\Crahea.exe
[2011.01.22 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\III
[2011.01.22 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Local\Phase_One
[2011.01.22 20:08:02 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\CaptureOne
[2011.01.22 20:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase One
[2011.01.22 20:05:29 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Local\CaptureOne
[2011.01.22 20:04:52 | 000,024,192 | ---- | C] (Phase One A/S) -- C:\Windows\System32\drivers\p1c1394.sys
[2011.01.22 20:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase One
[2011.01.22 20:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phase One
[2011.01.22 20:01:40 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\capture one 4.5.1
[2011.01.21 11:22:08 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Jul
[2011.01.20 19:41:58 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.20 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Alex
[2011.01.20 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Adobe Mini Bridge CS5
[2011.01.20 14:29:40 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.20 14:26:29 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin
[2011.01.20 13:05:25 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\HP
[2011.01.18 13:53:24 | 000,001,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.lnk
[2011.01.18 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\phase5
[2011.01.18 10:22:10 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
[2011.01.17 19:57:28 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Mein Beschützer der Wolf
[2011.01.13 14:34:22 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Canneverbe Limited
[2011.01.13 14:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.01.13 14:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.01.13 14:34:03 | 000,001,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.01.13 14:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011.01.13 14:33:52 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Local\OpenCandy
[2011.01.13 14:33:50 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\OpenCandy
[2011.01.13 14:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011.01.12 08:58:09 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 08:58:03 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.12 08:58:03 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.12 08:58:02 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.12 08:58:01 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.12 08:58:01 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.12 08:58:00 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.12 08:57:59 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.01.12 08:57:59 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.12 08:57:59 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.12 08:57:58 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.12 08:57:58 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.12 08:57:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.12 08:57:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.12 08:57:57 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.08 21:16:27 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Ein Tag am Meer
[2011.01.07 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Documents\Movies2DVDProjects
[2011.01.07 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\FreeMoviesToDVD
[2011.01.07 20:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videos To DVD
[2011.01.07 20:08:16 | 000,327,680 | ---- | C] (Viscom Software VISCOM Image SDK ActiveX | Imaging SDK ActiveX | Best Digital Signage software system | Best Real Time Display software system | OCR SDK ActiveX | Barcode Writer SDK ActiveX | BarCode SDK ActiveX | Video SDK ActiveX | H.264 SDK | PDF SDK ActiveX | FL) -- C:\Windows\System32\dvdauthor.ocx
[2011.01.07 20:08:16 | 000,233,472 | ---- | C] (Viscom Software VISCOM Image SDK ActiveX | Imaging SDK ActiveX | Best Digital Signage software system | Best Real Time Display software system | OCR SDK ActiveX | Barcode Writer SDK ActiveX | BarCode SDK ActiveX | Video SDK ActiveX | H.264 SDK | PDF SDK ActiveX | FL) -- C:\Windows\System32\viscomdvdimg.dll
[2011.01.07 20:08:16 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
[2011.01.07 20:08:16 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.OCX
[2011.01.07 20:08:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
[2011.01.07 20:08:16 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetfr.DLL
[2011.01.07 20:08:15 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011.01.07 20:08:15 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL
[2011.01.07 20:08:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL
[2011.01.07 20:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Videos To DVD
[2011.01.05 21:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2011.01.05 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\BitTorrent
[2011.01.05 12:04:41 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Sturmfrei
[2011.01.05 10:45:45 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Local\Sony Ericsson
[2011.01.05 10:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2011.01.05 10:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2011.01.05 10:41:56 | 000,122,152 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdm.sys
[2011.01.05 10:41:56 | 000,117,672 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017unic.sys
[2011.01.05 10:41:56 | 000,115,496 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mgmt.sys
[2011.01.05 10:41:56 | 000,111,912 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017obex.sys
[2011.01.05 10:41:56 | 000,090,536 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017bus.sys
[2011.01.05 10:41:56 | 000,025,768 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017nd5.sys
[2011.01.05 10:41:56 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdfl.sys
[2011.01.05 10:41:56 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017whnt.sys
[2011.01.05 10:41:56 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017wh.sys
[2011.01.05 10:41:56 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cmnt.sys
[2011.01.05 10:41:56 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cm.sys
[2011.01.05 10:41:56 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cr.sys
[2011.01.05 10:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.01.05 10:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2011.01.05 10:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011.01.05 09:47:57 | 001,500,160 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athur.sys
[2011.01.05 09:47:51 | 001,500,160 | R--- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athur.sys
[2011.01.05 09:47:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011.01.05 09:47:50 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011.01.05 09:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2011.01.04 20:28:19 | 000,000,000 | ---D | C] -- C:\Testbilder
[2011.01.04 20:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bildschutz
[2011.01.04 20:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lab
[2011.01.04 20:20:02 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Documents\Outlook-Dateien
[2011.01.04 20:19:28 | 000,000,000 | R--D | C] -- C:\Users\Piia - Muckelchen\Desktop\Schreibstube
[2011.01.03 18:59:35 | 000,000,000 | -H-D | C] -- C:\Users\Piia - Muckelchen\Desktop\[Originaldateien]
[2011.01.03 05:59:02 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Vuopse
[2011.01.01 12:42:11 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Fotoalben
[2010.12.26 20:26:47 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Best of
[2010.12.25 16:28:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
[2010.12.25 16:23:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{13795121-80CF-4D45-9175-8FD79D18EF7E}
[2010.12.25 16:19:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6C47B826-5902-49BB-BF6B-68F5716FD827}
[2010.12.25 16:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{682FE305-7958-4875-9B95-34673E7151AD}
[2010.12.25 15:52:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{529BBEB3-0369-420C-BD9C-37553D289203}
[2010.12.25 11:04:03 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.21 15:04:03 | 000,009,728 | ---- | C] () -- C:\Users\Piia - Muckelchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 14:57:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.19 19:39:09 | 002,823,030 | -H-- | C] () -- C:\Users\Piia - Muckelchen\AppData\Local\IconCache.db
[2010.12.19 19:02:16 | 000,115,352 | ---- | C] () -- C:\Users\Piia - Muckelchen\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.07.14 05:41:57 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini

========== Files - Modified Within 30 Days ==========

[2011.01.24 15:43:59 | 000,000,316 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.24 15:39:07 | 000,000,270 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.01.24 12:10:29 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.24 12:09:43 | 000,296,448 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\g2m3e4r.exe
[2011.01.24 12:09:41 | 000,050,477 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\defogger.exe
[2011.01.24 11:31:27 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 11:31:27 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 11:23:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.24 11:23:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.24 11:23:51 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.24 11:23:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.24 11:16:50 | 000,000,316 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.01.24 11:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.24 11:15:46 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.23 20:49:52 | 000,026,112 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\ENG.doc
[2011.01.23 18:36:48 | 000,016,182 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\watermark [320x200].jpg
[2011.01.23 16:25:20 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.01.23 12:30:20 | 000,009,728 | ---- | M] () -- C:\Users\Piia - Muckelchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.23 12:29:48 | 001,668,550 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Joke.jpg
[2011.01.23 12:12:12 | 000,001,175 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Portrait Professional Studio 9.lnk
[2011.01.23 11:36:16 | 000,201,728 | ---- | M] (Adobe Flash Player) -- C:\Windows\Crahea.exe
[2011.01.22 22:15:19 | 004,860,061 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\(Sting) Fields of Gold -Cover.mp3
[2011.01.22 22:12:58 | 006,088,861 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\(Westlife) My Love - Cover.mp3
[2011.01.22 22:11:38 | 001,992,443 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Pirates Of The Caribbean - Cover.mp3
[2011.01.22 22:00:47 | 005,958,458 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\(Eric Clapton) Wondeful Tonight - Cover.mp3
[2011.01.22 19:58:10 | 044,528,961 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\capture one 4.5.1.rar
[2011.01.18 14:06:44 | 000,000,354 | ---- | M] () -- C:\Users\Piia - Muckelchen\Documents\Untitled-1.html
[2011.01.18 14:01:03 | 000,001,199 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Adobe Dreamweaver CS5.lnk
[2011.01.13 14:34:03 | 000,001,905 | 
---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.01.07 20:08:21 | 000,001,025 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Free Videos To DVD.lnk [2011.01.06 21:31:05 | 000,175,204 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Only you can heal the emptyness I felt.docx [2011.01.06 13:27:41 | 000,024,064 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Mats 10.doc [2011.01.06 13:26:30 | 000,048,640 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\GEsm9ab2.doc [2011.01.05 21:22:01 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2011.01.05 12:58:34 | 000,028,913 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\watermark [800x600].jpg [2011.01.05 12:55:41 | 001,284,419 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\watermark.jpg [2011.01.05 10:44:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.01.04 21:33:06 | 008,070,944 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Cover Bruno Mars - Just the Way you are.mp3 [2011.01.04 20:27:44 | 000,001,991 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Bildschutz Pro.lnk [2010.12.28 21:03:52 | 001,720,427 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\DSC09312.JPG [2010.12.27 12:23:43 | 003,790,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.01.24 12:10:29 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.24 12:09:43 | 000,296,448 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\g2m3e4r.exe [2011.01.24 12:09:41 | 000,050,477 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\defogger.exe [2011.01.23 20:49:50 | 000,026,112 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\ENG.doc [2011.01.23 18:36:47 | 000,016,182 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\watermark [320x200].jpg [2011.01.23 18:04:43 | 000,000,316 | -H-- | C] () -- 
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.01.23 16:25:20 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.01.23 16:24:52 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011.01.23 16:24:52 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011.01.23 16:24:49 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011.01.23 16:24:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011.01.23 12:29:32 | 001,668,550 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Joke.jpg [2011.01.23 12:12:12 | 000,001,175 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Portrait Professional Studio 9.lnk [2011.01.23 11:36:36 | 000,000,316 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.01.23 11:36:25 | 000,000,270 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011.01.22 22:15:13 | 004,860,061 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\(Sting) Fields of Gold -Cover.mp3 [2011.01.22 22:12:50 | 006,088,861 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\(Westlife) My Love - Cover.mp3 [2011.01.22 22:11:32 | 001,992,443 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Pirates Of The Caribbean - Cover.mp3 [2011.01.22 22:00:39 | 005,958,458 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\(Eric Clapton) Wondeful Tonight - Cover.mp3 [2011.01.22 19:56:08 | 044,528,961 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\capture one 4.5.1.rar [2011.01.18 14:05:41 | 000,000,354 | ---- | C] () -- C:\Users\Piia - Muckelchen\Documents\Untitled-1.html [2011.01.18 14:01:03 | 000,001,199 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Adobe Dreamweaver CS5.lnk [2011.01.13 14:34:03 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.01.12 08:58:02 | 003,181,568 | ---- | C] () -- C:\Windows\System32\mf.dll [2011.01.07 20:08:21 | 000,001,025 | ---- | C] () -- 
C:\Users\Piia - Muckelchen\Desktop\Free Videos To DVD.lnk [2011.01.07 20:08:16 | 000,000,401 | ---- | C] () -- C:\Windows\System32\dvdauthor.lic [2011.01.06 11:47:00 | 000,024,064 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Mats 10.doc [2011.01.05 21:22:01 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2011.01.05 19:10:46 | 000,048,640 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\GEsm9ab2.doc [2011.01.05 12:58:34 | 000,028,913 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\watermark [800x600].jpg [2011.01.05 12:55:39 | 001,284,419 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\watermark.jpg [2011.01.05 10:44:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.01.05 09:47:51 | 000,017,577 | R--- | C] () -- C:\Windows\System32\netathur.inf [2011.01.05 09:47:51 | 000,007,480 | ---- | C] () -- C:\Windows\System32\athurext.cat [2011.01.04 21:36:11 | 008,070,944 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Cover Bruno Mars - Just the Way you are.mp3 [2011.01.04 21:05:47 | 000,175,204 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Only you can heal the emptyness I felt.docx [2011.01.04 20:27:44 | 000,001,991 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Bildschutz Pro.lnk [2011.01.03 11:25:26 | 001,720,427 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\DSC09312.JPG [2010.12.20 13:55:26 | 014,899,816 | ---- | C] () -- C:\Windows\System32\nvoglv32.dll [2010.12.20 13:55:26 | 013,019,752 | ---- | C] () -- C:\Windows\System32\nvcompiler.dll [2010.12.20 13:55:26 | 010,084,360 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmkm.sys [2010.12.20 13:55:26 | 010,023,528 | ---- | C] () -- C:\Windows\System32\nvd3dum.dll [2010.12.20 13:55:26 | 005,473,896 | ---- | C] () -- C:\Windows\System32\nvwgf2um.dll [2010.12.20 13:55:26 | 004,837,480 | ---- | C] () -- C:\Windows\System32\nvcuda.dll [2010.12.20 13:55:26 | 002,912,360 | ---- | C] () -- 
C:\Windows\System32\nvcuvid.dll [2010.12.20 13:55:26 | 002,666,600 | ---- | C] () -- C:\Windows\System32\nvcuvenc.dll [2010.12.20 13:48:39 | 005,978,112 | ---- | C] () -- C:\Windows\System32\mshtml.dll [2010.12.20 13:48:39 | 002,063,360 | ---- | C] () -- C:\Windows\System32\iertutil.dll [2010.12.20 13:48:38 | 010,989,056 | ---- | C] () -- C:\Windows\System32\ieframe.dll [2010.12.20 09:59:13 | 011,406,848 | ---- | C] () -- C:\Windows\System32\wmp.dll [2010.12.20 09:59:11 | 012,625,408 | ---- | C] () -- C:\Windows\System32\wmploc.DLL [2010.12.20 09:34:13 | 002,327,552 | ---- | C] () -- C:\Windows\System32\win32k.sys [2010.10.16 12:42:46 | 001,881,704 | ---- | C] () -- C:\Windows\System32\nvsvcr.dll [2010.10.16 12:42:42 | 003,420,776 | ---- | C] () -- C:\Windows\System32\nvcpl.dll [2010.10.16 12:42:38 | 002,079,336 | ---- | C] () -- C:\Windows\System32\nvsvc.dll [2010.03.18 09:15:26 | 004,368,720 | ---- | C] () -- C:\Windows\System32\mfc100u.dll [2010.03.18 09:15:26 | 004,342,088 | ---- | C] () -- C:\Windows\System32\mfc100.dll [2009.07.14 01:41:41 | 002,504,192 | ---- | C] () -- C:\Windows\System32\WMVCORE.DLL [2009.07.14 01:15:32 | 001,912,832 | ---- | C] () -- C:\Windows\System32\wuaueng.dll [2009.07.14 01:15:04 | 002,414,080 | ---- | C] () -- C:\Windows\System32\wucltux.dll [2009.07.14 01:14:01 | 003,727,360 | ---- | C] () -- C:\Windows\System32\accessibilitycpl.dll [2009.07.14 01:13:46 | 007,964,672 | ---- | C] () -- C:\Windows\System32\NlsLexicons0024.dll [2009.07.14 01:13:45 | 006,585,856 | ---- | C] () -- C:\Windows\System32\NlsLexicons001b.dll [2009.07.14 01:13:45 | 006,346,240 | ---- | C] () -- C:\Windows\System32\NlsLexicons001d.dll [2009.07.14 01:13:45 | 005,791,232 | ---- | C] () -- C:\Windows\System32\NlsLexicons0026.dll [2009.07.14 01:13:45 | 005,499,904 | ---- | C] () -- C:\Windows\System32\NlsLexicons0022.dll [2009.07.14 01:13:45 | 004,164,096 | ---- | C] () -- C:\Windows\System32\NlsLexicons0002.dll [2009.07.14 01:13:45 | 004,093,440 | ---- | C] () 
-- C:\Windows\System32\NlsLexicons004c.dll [2009.07.14 01:13:45 | 003,419,136 | ---- | C] () -- C:\Windows\System32\NlsLexicons004a.dll [2009.07.14 01:13:44 | 007,042,560 | ---- | C] () -- C:\Windows\System32\NlsLexicons081a.dll [2009.07.14 01:13:44 | 006,917,120 | ---- | C] () -- C:\Windows\System32\NlsLexicons0c1a.dll [2009.07.14 01:13:44 | 001,972,736 | ---- | C] () -- C:\Windows\System32\NlsLexicons004e.dll [2009.07.14 01:13:43 | 006,781,440 | ---- | C] () -- C:\Windows\System32\NlsLexicons0019.dll [2009.07.14 01:13:43 | 001,793,536 | ---- | C] () -- C:\Windows\System32\NlsLexicons0045.dll [2009.07.14 01:13:42 | 005,654,528 | ---- | C] () -- C:\Windows\System32\NlsLexicons000f.dll [2009.07.14 01:13:42 | 005,090,816 | ---- | C] () -- C:\Windows\System32\NlsLexicons0416.dll [2009.07.14 01:13:42 | 005,031,936 | ---- | C] () -- C:\Windows\System32\NlsLexicons0816.dll [2009.07.14 01:13:42 | 003,331,072 | ---- | C] () -- C:\Windows\System32\NlsLexicons0018.dll [2009.07.14 01:13:41 | 006,224,896 | ---- | C] () -- C:\Windows\System32\NlsLexicons0027.dll [2009.07.14 01:13:41 | 004,616,192 | ---- | C] () -- C:\Windows\System32\NlsLexicons0414.dll [2009.07.14 01:13:41 | 004,175,872 | ---- | C] () -- C:\Windows\System32\NlsLexicons0010.dll [2009.07.14 01:13:41 | 004,045,824 | ---- | C] () -- C:\Windows\System32\NlsLexicons003e.dll [2009.07.14 01:13:41 | 001,808,896 | ---- | C] () -- C:\Windows\System32\NlsLexicons0046.dll [2009.07.14 01:13:40 | 006,014,976 | ---- | C] () -- C:\Windows\System32\NlsLexicons001a.dll [2009.07.14 01:13:40 | 001,782,272 | ---- | C] () -- C:\Windows\System32\NlsLexicons0039.dll [2009.07.14 01:13:39 | 009,892,864 | ---- | C] () -- C:\Windows\System32\NlsLexicons000a.dll [2009.07.14 01:13:38 | 012,038,656 | ---- | C] () -- C:\Windows\System32\NlsLexicons0007.dll [2009.07.14 01:13:38 | 002,628,608 | ---- | C] () -- C:\Windows\System32\NlsLexicons0009.dll [2009.07.14 01:13:38 | 002,136,064 | ---- | C] () -- C:\Windows\System32\NlsLexicons0021.dll 
[2009.07.14 01:13:37 | 006,237,696 | ---- | C] () -- C:\Windows\System32\NlsLexicons000c.dll [2009.07.14 01:13:37 | 002,466,816 | ---- | C] () -- C:\Windows\System32\NlsLexicons0011.dll [2009.07.14 01:13:36 | 011,722,752 | ---- | C] () -- C:\Windows\System32\NlsLexicons0001.dll [2009.07.14 01:13:36 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData004b.dll [2009.07.14 01:13:35 | 004,981,248 | ---- | C] () -- C:\Windows\System32\NlsLexicons0013.dll [2009.07.14 01:13:35 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData004a.dll [2009.07.14 01:13:35 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0049.dll [2009.07.14 01:13:35 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0020.dll [2009.07.14 01:13:34 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData004e.dll [2009.07.14 01:13:34 | 001,811,968 | ---- | C] () -- C:\Windows\System32\NlsData002a.dll [2009.07.14 01:13:33 | 005,071,872 | ---- | C] () -- C:\Windows\System32\NlsModels0011.dll [2009.07.14 01:13:33 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0002.dll [2009.07.14 01:13:32 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData001d.dll [2009.07.14 01:13:32 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0026.dll [2009.07.14 01:13:31 | 004,888,576 | ---- | C] () -- C:\Windows\System32\NlsData0009.dll [2009.07.14 01:13:31 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0024.dll [2009.07.14 01:13:30 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData001b.dll [2009.07.14 01:13:28 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData004c.dll [2009.07.14 01:13:27 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0045.dll [2009.07.14 01:13:25 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData081a.dll [2009.07.14 01:13:25 | 001,811,968 | ---- | C] () -- C:\Windows\System32\NlsData0022.dll [2009.07.14 01:13:24 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0c1a.dll [2009.07.14 01:13:23 | 
004,509,696 | ---- | C] () -- C:\Windows\System32\NlsData0019.dll [2009.07.14 01:13:22 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0046.dll [2009.07.14 01:13:22 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0018.dll [2009.07.14 01:13:21 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData0416.dll [2009.07.14 01:13:20 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData0816.dll [2009.07.14 01:13:20 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData0414.dll [2009.07.14 01:13:20 | 002,670,592 | ---- | C] () -- C:\Windows\System32\NlsData0011.dll [2009.07.14 01:13:20 | 001,979,392 | ---- | C] () -- C:\Windows\System32\NlsData0027.dll [2009.07.14 01:13:19 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData0010.dll [2009.07.14 01:13:19 | 001,811,968 | ---- | C] () -- C:\Windows\System32\NlsData003e.dll [2009.07.14 01:13:18 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0039.dll [2009.07.14 01:13:18 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData000f.dll [2009.07.14 01:13:15 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0047.dll [2009.07.14 01:13:14 | 010,240,512 | ---- | C] () -- C:\Windows\System32\NlsData000a.dll [2009.07.14 01:13:12 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData001a.dll [2009.07.14 01:13:11 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0003.dll [2009.07.14 01:13:10 | 001,811,968 | ---- | C] () -- C:\Windows\System32\NlsData0021.dll [2009.07.14 01:13:09 | 002,654,208 | ---- | C] () -- C:\Windows\System32\NlsData000c.dll [2009.07.14 01:13:09 | 002,255,360 | ---- | C] () -- C:\Windows\System32\NlsData0007.dll [2009.07.14 01:13:08 | 002,353,152 | ---- | C] () -- C:\Windows\System32\NlsData000d.dll [2009.07.14 01:13:07 | 002,609,664 | ---- | C] () -- C:\Windows\System32\NlsData0001.dll [2009.07.14 01:13:06 | 003,476,480 | ---- | C] () -- C:\Windows\System32\NlsData0013.dll [2009.07.14 01:11:38 | 006,103,040 | ---- | C] () -- 
C:\Windows\System32\chtbrkr.dll [2009.07.14 01:08:20 | 002,291,712 | ---- | C] () -- C:\Windows\System32\MSVidCtl.dll [2009.07.14 01:07:34 | 002,311,168 | ---- | C] () -- C:\Windows\System32\wpdshext.dll [2009.07.14 01:04:42 | 009,053,696 | ---- | C] () -- C:\Windows\System32\mmres.dll [2009.07.14 01:02:39 | 002,689,024 | ---- | C] () -- C:\Windows\System32\mstscax.dll [2009.07.14 00:58:02 | 002,515,968 | ---- | C] () -- C:\Windows\System32\dbgeng.dll [2009.07.14 00:53:28 | 002,130,944 | ---- | C] () -- C:\Windows\System32\networkmap.dll [2009.07.14 00:53:22 | 002,494,464 | ---- | C] () -- C:\Windows\System32\netshell.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:46:51 | 002,969,600 | ---- | C] () -- C:\Windows\System32\UIHub.dll [2009.07.14 00:45:25 | 002,202,624 | ---- | C] () -- C:\Windows\System32\SensorsCpl.dll [2009.07.14 00:43:16 | 002,983,424 | ---- | C] () -- C:\Windows\System32\UIRibbon.dll [2009.07.14 00:42:45 | 001,792,000 | ---- | C] () -- C:\Windows\System32\authui.dll [2009.07.14 00:42:24 | 020,268,032 | ---- | C] () -- C:\Windows\System32\imageres.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.14 00:42:07 | 004,240,384 | ---- | C] () -- C:\Windows\System32\GameUXLegacyGDFs.dll [2009.07.14 00:41:02 | 002,576,384 | ---- | C] () -- C:\Windows\System32\gameux.dll [2009.07.14 00:40:51 | 002,157,056 | ---- | C] () -- C:\Windows\System32\themecpl.dll [2009.07.14 00:40:37 | 002,146,304 | ---- | C] () -- C:\Windows\System32\SyncCenter.dll [2009.07.14 00:39:20 | 002,755,072 | ---- | C] () -- C:\Windows\System32\themeui.dll [2009.07.14 00:32:34 | 002,340,864 | ---- | C] () -- C:\Windows\System32\msi.dll [2009.07.14 00:31:05 | 002,151,936 | ---- | C] () -- C:\Windows\System32\mmcndmgr.dll [2009.07.14 00:29:40 | 001,826,816 | ---- | C] () -- C:\Windows\System32\d3d9.dll [2009.07.14 00:23:57 | 006,278,656 | ---- | C] () -- 
C:\Windows\System32\DDORes.dll [2009.07.14 00:17:44 | 008,338,432 | ---- | C] () -- C:\Windows\System32\spwizimg.dll [2009.07.14 00:11:07 | 002,217,536 | ---- | C] () -- C:\Windows\System32\bootres.dll [2009.07.13 23:11:11 | 005,070,848 | ---- | C] () -- C:\Windows\System32\AuthFWSnapin.dll [2009.06.10 22:41:36 | 002,134,016 | ---- | C] () -- C:\Windows\System32\msmpeg2vdec.dll [2009.06.10 22:17:55 | 003,100,160 | ---- | C] () -- C:\Windows\System32\drivers\evbdx.sys ========== LOP Check ========== [2010.12.20 15:47:43 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\ACD Systems [2011.01.23 12:17:12 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Anthropics [2011.01.23 11:55:45 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\BitTorrent [2011.01.13 14:34:22 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Canneverbe Limited [2011.01.20 19:41:58 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.01.03 09:47:52 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\EditPlus 3 [2011.01.09 10:07:23 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\FreeMoviesToDVD [2010.12.22 10:44:25 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\JGsoft [2011.01.20 14:26:29 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin [2011.01.23 16:27:41 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Muwy [2011.01.13 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\OpenCandy [2010.12.22 10:23:48 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\OpenOffice.org [2011.01.23 16:24:30 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software [2011.01.20 14:29:40 | 000,000,000 | ---D | M] -- C:\Users\Piia - 
Muckelchen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.01.16 18:42:55 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\VSO [2011.01.24 15:40:28 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Vuopse [2011.01.23 12:22:04 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye [2009.07.14 05:53:46 | 000,007,180 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.24 15:43:59 | 000,000,316 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.01.24 15:39:07 | 000,000,270 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011.01.24 11:16:50 | 000,000,316 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
24.01.2011, 15:52 | #6 |
| OLT.txt OTL Logfile:
OTL logfile created on: 24.01.2011 15:46:11 - Run 1 OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\Piia - Muckelchen\Desktop\MFTools An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 192,06 Gb Total Space | 63,90 Gb Free Space | 33,27% Space Free | Partition Type: NTFS Drive D: | 94,03 Gb Total Space | 93,94 Gb Free Space | 99,90% Space Free | Partition Type: NTFS Computer Name: AMILO | User Name: Piia - Muckelchen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Piia - Muckelchen\Desktop\MFTools\OTL.exe (OldTimer Tools) PRC - C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe (Adobe Flash Player) PRC - C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe (Adobe Flash Player) PRC - C:\Windows\Crahea.exe (Adobe Flash Player) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin () PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe () PRC - C:\Program 
Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) ========== Modules (SafeList) ========== MOD - C:\Users\Piia - Muckelchen\Desktop\MFTools\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE () SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program 
Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe () SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) 
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys ()
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll ()
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll ()
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 6B 6F 24 0A BB CB 01 [binary data]
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll ()
IE - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.19 21:38:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.22 10:17:09 | 000,000,000 | ---D | M]
[2010.12.19 21:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia - Muckelchen\AppData\Roaming\mozilla\Extensions
[2010.12.19 21:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia - Muckelchen\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.12.19 21:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia - Muckelchen\AppData\Roaming\mozilla\Firefox\Profiles\2wqkc34e.default\extensions
[2011.01.24 11:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.12.19 21:38:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.12.20 10:56:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.12.22 10:17:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.12.03 20:43:34 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2010.12.03 20:43:34 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2010.12.22 10:16:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2010.12.03 20:43:34 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2010.11.10 12:49:36 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [{32A068F1-BA4F-03E6-B150-A98A13ED97A3}] C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye\weizd.exe ()
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [{40ED5C22-FE26-5E04-1C5C-09ED42F49C41}] C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin\nuac.exe (Avira GmbH)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe ()
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe (largez)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [JP595IR86O] C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe (Adobe Flash Player)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [mute.exe] C:\mute\mute.exe ()
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll ()
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL ()
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll ()
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ()
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6aa9b93f-0b94-11e0-a503-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa9b93f-0b94-11e0-a503-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6aa9b97d-0b94-11e0-a503-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa9b97d-0b94-11e0-a503-00140b410566}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6aa9b986-0b94-11e0-a503-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa9b986-0b94-11e0-a503-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6aa9b98a-0b94-11e0-a503-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{6aa9b98a-0b94-11e0-a503-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{79397e96-0c0e-11e0-9a9f-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{79397e96-0c0e-11e0-9a9f-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{79397e99-0c0e-11e0-9a9f-00140b410566}\Shell - "" = AutoRun
O33 - MountPoints2\{79397e99-0c0e-11e0-9a9f-00140b410566}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.24 12:14:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.24 12:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.24 12:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.01.24 12:10:43 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Malwarebytes
[2011.01.24 12:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.24 12:10:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.24 12:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.24 12:10:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.24 12:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.24 12:09:19 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\MFTools
[2011.01.23 16:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.01.23 16:25:39 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Documents\Simply Super Software
[2011.01.23 16:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.01.23 16:24:52 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.01.23 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.01.23 16:24:30 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software
[2011.01.23 16:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.01.23 12:22:04 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye
[2011.01.23 12:22:04 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Muwy
[2011.01.23 12:21:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.01.23 12:17:12 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Anthropics
[2011.01.23 12:14:50 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Avira
[2011.01.23 12:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portrait Professional Studio 9
[2011.01.23 12:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Portrait Professional Studio 9
[2011.01.23 11:37:04 | 000,201,728 | ---- | C] (Adobe Flash Player) -- C:\Windows\Crahea.exe
[2011.01.22 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\III
[2011.01.22 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Local\Phase_One
[2011.01.22 20:08:02 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\CaptureOne
[2011.01.22 20:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase One
[2011.01.22 20:05:29 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Local\CaptureOne
[2011.01.22 20:04:52 | 000,024,192 | ---- | C] (Phase One A/S) -- C:\Windows\System32\drivers\p1c1394.sys
[2011.01.22 20:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase One
[2011.01.22 20:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phase One
[2011.01.22 20:01:40 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\capture one 4.5.1
[2011.01.21 11:22:08 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Jul
[2011.01.20 19:41:58 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.20 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Alex
[2011.01.20 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Adobe Mini Bridge CS5
[2011.01.20 14:29:40 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.20 14:26:29 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin
[2011.01.20 13:05:25 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\HP
[2011.01.18 13:53:24 | 000,001,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.lnk
[2011.01.18 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\phase5
[2011.01.18 10:22:10 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
[2011.01.17 19:57:28 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Mein Beschützer der Wolf
[2011.01.13 14:34:22 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Canneverbe Limited
[2011.01.13 14:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.01.13 14:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.01.13 14:34:03 | 000,001,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.01.13 14:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011.01.13 14:33:52 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Local\OpenCandy
[2011.01.13 14:33:50 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\OpenCandy
[2011.01.13 14:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011.01.12 08:58:09 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 08:58:03 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.12 08:58:03 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.12 08:58:02 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.12 08:58:01 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.12 08:58:01 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.12 08:58:00 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.12 08:57:59 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.01.12 08:57:59 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.12 08:57:59 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.12 08:57:58 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.12 08:57:58 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.12 08:57:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.12 08:57:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.12 08:57:57 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.08 21:16:27 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Ein Tag am Meer
[2011.01.07 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Documents\Movies2DVDProjects
[2011.01.07 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\FreeMoviesToDVD
[2011.01.07 20:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videos To DVD
[2011.01.07 20:08:16 | 000,327,680 | ---- | C] (Viscom Software VISCOM Image SDK ActiveX | Imaging SDK ActiveX | Best Digital Signage software system | Best Real Time Display software system | OCR SDK ActiveX | Barcode Writer SDK ActiveX | BarCode SDK ActiveX | Video SDK ActiveX | H.264 SDK | PDF SDK ActiveX | FL) -- C:\Windows\System32\dvdauthor.ocx
[2011.01.07 20:08:16 | 000,233,472 | ---- | C] (Viscom Software VISCOM Image SDK ActiveX | Imaging SDK ActiveX | Best Digital Signage software system | Best Real Time Display software system | OCR SDK ActiveX | Barcode Writer SDK ActiveX | BarCode SDK ActiveX | Video SDK ActiveX | H.264 SDK | PDF SDK ActiveX | FL) -- C:\Windows\System32\viscomdvdimg.dll
[2011.01.07 20:08:16 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
[2011.01.07 20:08:16 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.OCX
[2011.01.07 20:08:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
[2011.01.07 20:08:16 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetfr.DLL
[2011.01.07 20:08:15 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011.01.07 20:08:15 | 000,141,312 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL [2011.01.07 20:08:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL [2011.01.07 20:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Videos To DVD [2011.01.05 21:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent [2011.01.05 21:21:09 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\BitTorrent [2011.01.05 12:04:41 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Sturmfrei [2011.01.05 10:45:45 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Local\Sony Ericsson [2011.01.05 10:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update [2011.01.05 10:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software [2011.01.05 10:41:56 | 000,122,152 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdm.sys [2011.01.05 10:41:56 | 000,117,672 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017unic.sys [2011.01.05 10:41:56 | 000,115,496 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mgmt.sys [2011.01.05 10:41:56 | 000,111,912 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017obex.sys [2011.01.05 10:41:56 | 000,090,536 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017bus.sys [2011.01.05 10:41:56 | 000,025,768 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017nd5.sys [2011.01.05 10:41:56 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdfl.sys [2011.01.05 10:41:56 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017whnt.sys [2011.01.05 10:41:56 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017wh.sys [2011.01.05 10:41:56 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cmnt.sys [2011.01.05 10:41:56 | 000,012,200 | ---- | C] (MCCI Corporation) -- 
C:\Windows\System32\drivers\s0017cm.sys [2011.01.05 10:41:56 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cr.sys [2011.01.05 10:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson [2011.01.05 10:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2011.01.05 10:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson [2011.01.05 09:47:57 | 001,500,160 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athur.sys [2011.01.05 09:47:51 | 001,500,160 | R--- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athur.sys [2011.01.05 09:47:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2011.01.05 09:47:50 | 000,000,000 | ---D | C] -- C:\Windows\Options [2011.01.05 09:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK [2011.01.04 20:28:19 | 000,000,000 | ---D | C] -- C:\Testbilder [2011.01.04 20:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bildschutz [2011.01.04 20:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lab [2011.01.04 20:20:02 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Documents\Outlook-Dateien [2011.01.04 20:19:28 | 000,000,000 | R--D | C] -- C:\Users\Piia - Muckelchen\Desktop\Schreibstube [2011.01.03 18:59:35 | 000,000,000 | -H-D | C] -- C:\Users\Piia - Muckelchen\Desktop\[Originaldateien] [2011.01.03 05:59:02 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Vuopse [2011.01.01 12:42:11 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Fotoalben [2010.12.26 20:26:47 | 000,000,000 | ---D | C] -- C:\Users\Piia - Muckelchen\Desktop\Best of [2010.12.25 16:28:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184} [2010.12.25 16:23:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{13795121-80CF-4D45-9175-8FD79D18EF7E} [2010.12.25 16:19:17 | 000,000,000 | -H-D | 
C] -- C:\ProgramData\{6C47B826-5902-49BB-BF6B-68F5716FD827} [2010.12.25 16:04:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{682FE305-7958-4875-9B95-34673E7151AD} [2010.12.25 15:52:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{529BBEB3-0369-420C-BD9C-37553D289203} [2010.12.25 11:04:03 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.12.21 15:04:03 | 000,009,728 | ---- | C] () -- C:\Users\Piia - Muckelchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.20 14:57:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.19 19:39:09 | 002,823,030 | -H-- | C] () -- C:\Users\Piia - Muckelchen\AppData\Local\IconCache.db [2010.12.19 19:02:16 | 000,115,352 | ---- | C] () -- C:\Users\Piia - Muckelchen\AppData\Local\GDIPFONTCACHEV1.DAT [2009.07.14 05:41:57 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini ========== Files - Modified Within 30 Days ========== [2011.01.24 15:43:59 | 000,000,316 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.01.24 15:39:07 | 000,000,270 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011.01.24 12:10:29 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.24 12:09:43 | 000,296,448 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\g2m3e4r.exe [2011.01.24 12:09:41 | 000,050,477 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\defogger.exe [2011.01.24 11:31:27 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.24 11:31:27 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.24 11:23:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.24 11:23:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.24 11:23:51 | 000,130,006 | ---- | M] () -- 
C:\Windows\System32\perfc007.dat [2011.01.24 11:23:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.24 11:16:50 | 000,000,316 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.01.24 11:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.24 11:15:46 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys [2011.01.23 20:49:52 | 000,026,112 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\ENG.doc [2011.01.23 18:36:48 | 000,016,182 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\watermark [320x200].jpg [2011.01.23 16:25:20 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.01.23 12:30:20 | 000,009,728 | ---- | M] () -- C:\Users\Piia - Muckelchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.23 12:29:48 | 001,668,550 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Joke.jpg [2011.01.23 12:12:12 | 000,001,175 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Portrait Professional Studio 9.lnk [2011.01.23 11:36:16 | 000,201,728 | ---- | M] (Adobe Flash Player) -- C:\Windows\Crahea.exe [2011.01.22 22:15:19 | 004,860,061 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\(Sting) Fields of Gold -Cover.mp3 [2011.01.22 22:12:58 | 006,088,861 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\(Westlife) My Love - Cover.mp3 [2011.01.22 22:11:38 | 001,992,443 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Pirates Of The Caribbean - Cover.mp3 [2011.01.22 22:00:47 | 005,958,458 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\(Eric Clapton) Wondeful Tonight - Cover.mp3 [2011.01.22 19:58:10 | 044,528,961 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\capture one 4.5.1.rar [2011.01.18 14:06:44 | 000,000,354 | ---- | M] () -- C:\Users\Piia - Muckelchen\Documents\Untitled-1.html [2011.01.18 14:01:03 | 000,001,199 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Adobe Dreamweaver CS5.lnk [2011.01.13 14:34:03 | 000,001,905 | 
---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.01.07 20:08:21 | 000,001,025 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Free Videos To DVD.lnk [2011.01.06 21:31:05 | 000,175,204 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Only you can heal the emptyness I felt.docx [2011.01.06 13:27:41 | 000,024,064 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Mats 10.doc [2011.01.06 13:26:30 | 000,048,640 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\GEsm9ab2.doc [2011.01.05 21:22:01 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2011.01.05 12:58:34 | 000,028,913 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\watermark [800x600].jpg [2011.01.05 12:55:41 | 001,284,419 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\watermark.jpg [2011.01.05 10:44:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.01.04 21:33:06 | 008,070,944 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Cover Bruno Mars - Just the Way you are.mp3 [2011.01.04 20:27:44 | 000,001,991 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\Bildschutz Pro.lnk [2010.12.28 21:03:52 | 001,720,427 | ---- | M] () -- C:\Users\Piia - Muckelchen\Desktop\DSC09312.JPG [2010.12.27 12:23:43 | 003,790,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.01.24 12:10:29 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.24 12:09:43 | 000,296,448 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\g2m3e4r.exe [2011.01.24 12:09:41 | 000,050,477 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\defogger.exe [2011.01.23 20:49:50 | 000,026,112 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\ENG.doc [2011.01.23 18:36:47 | 000,016,182 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\watermark [320x200].jpg [2011.01.23 18:04:43 | 000,000,316 | -H-- | C] () -- 
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.01.23 16:25:20 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.01.23 16:24:52 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011.01.23 16:24:52 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011.01.23 16:24:49 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011.01.23 16:24:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011.01.23 12:29:32 | 001,668,550 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Joke.jpg [2011.01.23 12:12:12 | 000,001,175 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Portrait Professional Studio 9.lnk [2011.01.23 11:36:36 | 000,000,316 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.01.23 11:36:25 | 000,000,270 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011.01.22 22:15:13 | 004,860,061 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\(Sting) Fields of Gold -Cover.mp3 [2011.01.22 22:12:50 | 006,088,861 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\(Westlife) My Love - Cover.mp3 [2011.01.22 22:11:32 | 001,992,443 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Pirates Of The Caribbean - Cover.mp3 [2011.01.22 22:00:39 | 005,958,458 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\(Eric Clapton) Wondeful Tonight - Cover.mp3 [2011.01.22 19:56:08 | 044,528,961 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\capture one 4.5.1.rar [2011.01.18 14:05:41 | 000,000,354 | ---- | C] () -- C:\Users\Piia - Muckelchen\Documents\Untitled-1.html [2011.01.18 14:01:03 | 000,001,199 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Adobe Dreamweaver CS5.lnk [2011.01.13 14:34:03 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.01.12 08:58:02 | 003,181,568 | ---- | C] () -- C:\Windows\System32\mf.dll [2011.01.07 20:08:21 | 000,001,025 | ---- | C] () -- 
C:\Users\Piia - Muckelchen\Desktop\Free Videos To DVD.lnk [2011.01.07 20:08:16 | 000,000,401 | ---- | C] () -- C:\Windows\System32\dvdauthor.lic [2011.01.06 11:47:00 | 000,024,064 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Mats 10.doc [2011.01.05 21:22:01 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2011.01.05 19:10:46 | 000,048,640 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\GEsm9ab2.doc [2011.01.05 12:58:34 | 000,028,913 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\watermark [800x600].jpg [2011.01.05 12:55:39 | 001,284,419 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\watermark.jpg [2011.01.05 10:44:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.01.05 09:47:51 | 000,017,577 | R--- | C] () -- C:\Windows\System32\netathur.inf [2011.01.05 09:47:51 | 000,007,480 | ---- | C] () -- C:\Windows\System32\athurext.cat [2011.01.04 21:36:11 | 008,070,944 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Cover Bruno Mars - Just the Way you are.mp3 [2011.01.04 21:05:47 | 000,175,204 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Only you can heal the emptyness I felt.docx [2011.01.04 20:27:44 | 000,001,991 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\Bildschutz Pro.lnk [2011.01.03 11:25:26 | 001,720,427 | ---- | C] () -- C:\Users\Piia - Muckelchen\Desktop\DSC09312.JPG [2010.12.20 13:55:26 | 014,899,816 | ---- | C] () -- C:\Windows\System32\nvoglv32.dll [2010.12.20 13:55:26 | 013,019,752 | ---- | C] () -- C:\Windows\System32\nvcompiler.dll [2010.12.20 13:55:26 | 010,084,360 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmkm.sys [2010.12.20 13:55:26 | 010,023,528 | ---- | C] () -- C:\Windows\System32\nvd3dum.dll [2010.12.20 13:55:26 | 005,473,896 | ---- | C] () -- C:\Windows\System32\nvwgf2um.dll [2010.12.20 13:55:26 | 004,837,480 | ---- | C] () -- C:\Windows\System32\nvcuda.dll [2010.12.20 13:55:26 | 002,912,360 | ---- | C] () -- 
C:\Windows\System32\nvcuvid.dll [2010.12.20 13:55:26 | 002,666,600 | ---- | C] () -- C:\Windows\System32\nvcuvenc.dll [2010.12.20 13:48:39 | 005,978,112 | ---- | C] () -- C:\Windows\System32\mshtml.dll [2010.12.20 13:48:39 | 002,063,360 | ---- | C] () -- C:\Windows\System32\iertutil.dll [2010.12.20 13:48:38 | 010,989,056 | ---- | C] () -- C:\Windows\System32\ieframe.dll [2010.12.20 09:59:13 | 011,406,848 | ---- | C] () -- C:\Windows\System32\wmp.dll [2010.12.20 09:59:11 | 012,625,408 | ---- | C] () -- C:\Windows\System32\wmploc.DLL [2010.12.20 09:34:13 | 002,327,552 | ---- | C] () -- C:\Windows\System32\win32k.sys [2010.10.16 12:42:46 | 001,881,704 | ---- | C] () -- C:\Windows\System32\nvsvcr.dll [2010.10.16 12:42:42 | 003,420,776 | ---- | C] () -- C:\Windows\System32\nvcpl.dll [2010.10.16 12:42:38 | 002,079,336 | ---- | C] () -- C:\Windows\System32\nvsvc.dll [2010.03.18 09:15:26 | 004,368,720 | ---- | C] () -- C:\Windows\System32\mfc100u.dll [2010.03.18 09:15:26 | 004,342,088 | ---- | C] () -- C:\Windows\System32\mfc100.dll [2009.07.14 01:41:41 | 002,504,192 | ---- | C] () -- C:\Windows\System32\WMVCORE.DLL [2009.07.14 01:15:32 | 001,912,832 | ---- | C] () -- C:\Windows\System32\wuaueng.dll [2009.07.14 01:15:04 | 002,414,080 | ---- | C] () -- C:\Windows\System32\wucltux.dll [2009.07.14 01:14:01 | 003,727,360 | ---- | C] () -- C:\Windows\System32\accessibilitycpl.dll [2009.07.14 01:13:46 | 007,964,672 | ---- | C] () -- C:\Windows\System32\NlsLexicons0024.dll [2009.07.14 01:13:45 | 006,585,856 | ---- | C] () -- C:\Windows\System32\NlsLexicons001b.dll [2009.07.14 01:13:45 | 006,346,240 | ---- | C] () -- C:\Windows\System32\NlsLexicons001d.dll [2009.07.14 01:13:45 | 005,791,232 | ---- | C] () -- C:\Windows\System32\NlsLexicons0026.dll [2009.07.14 01:13:45 | 005,499,904 | ---- | C] () -- C:\Windows\System32\NlsLexicons0022.dll [2009.07.14 01:13:45 | 004,164,096 | ---- | C] () -- C:\Windows\System32\NlsLexicons0002.dll [2009.07.14 01:13:45 | 004,093,440 | ---- | C] () 
-- C:\Windows\System32\NlsLexicons004c.dll [2009.07.14 01:13:45 | 003,419,136 | ---- | C] () -- C:\Windows\System32\NlsLexicons004a.dll [2009.07.14 01:13:44 | 007,042,560 | ---- | C] () -- C:\Windows\System32\NlsLexicons081a.dll [2009.07.14 01:13:44 | 006,917,120 | ---- | C] () -- C:\Windows\System32\NlsLexicons0c1a.dll [2009.07.14 01:13:44 | 001,972,736 | ---- | C] () -- C:\Windows\System32\NlsLexicons004e.dll [2009.07.14 01:13:43 | 006,781,440 | ---- | C] () -- C:\Windows\System32\NlsLexicons0019.dll [2009.07.14 01:13:43 | 001,793,536 | ---- | C] () -- C:\Windows\System32\NlsLexicons0045.dll [2009.07.14 01:13:42 | 005,654,528 | ---- | C] () -- C:\Windows\System32\NlsLexicons000f.dll [2009.07.14 01:13:42 | 005,090,816 | ---- | C] () -- C:\Windows\System32\NlsLexicons0416.dll [2009.07.14 01:13:42 | 005,031,936 | ---- | C] () -- C:\Windows\System32\NlsLexicons0816.dll [2009.07.14 01:13:42 | 003,331,072 | ---- | C] () -- C:\Windows\System32\NlsLexicons0018.dll [2009.07.14 01:13:41 | 006,224,896 | ---- | C] () -- C:\Windows\System32\NlsLexicons0027.dll [2009.07.14 01:13:41 | 004,616,192 | ---- | C] () -- C:\Windows\System32\NlsLexicons0414.dll [2009.07.14 01:13:41 | 004,175,872 | ---- | C] () -- C:\Windows\System32\NlsLexicons0010.dll [2009.07.14 01:13:41 | 004,045,824 | ---- | C] () -- C:\Windows\System32\NlsLexicons003e.dll [2009.07.14 01:13:41 | 001,808,896 | ---- | C] () -- C:\Windows\System32\NlsLexicons0046.dll [2009.07.14 01:13:40 | 006,014,976 | ---- | C] () -- C:\Windows\System32\NlsLexicons001a.dll [2009.07.14 01:13:40 | 001,782,272 | ---- | C] () -- C:\Windows\System32\NlsLexicons0039.dll [2009.07.14 01:13:39 | 009,892,864 | ---- | C] () -- C:\Windows\System32\NlsLexicons000a.dll [2009.07.14 01:13:38 | 012,038,656 | ---- | C] () -- C:\Windows\System32\NlsLexicons0007.dll [2009.07.14 01:13:38 | 002,628,608 | ---- | C] () -- C:\Windows\System32\NlsLexicons0009.dll [2009.07.14 01:13:38 | 002,136,064 | ---- | C] () -- C:\Windows\System32\NlsLexicons0021.dll 
[2009.07.14 01:13:37 | 006,237,696 | ---- | C] () -- C:\Windows\System32\NlsLexicons000c.dll [2009.07.14 01:13:37 | 002,466,816 | ---- | C] () -- C:\Windows\System32\NlsLexicons0011.dll [2009.07.14 01:13:36 | 011,722,752 | ---- | C] () -- C:\Windows\System32\NlsLexicons0001.dll [2009.07.14 01:13:36 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData004b.dll [2009.07.14 01:13:35 | 004,981,248 | ---- | C] () -- C:\Windows\System32\NlsLexicons0013.dll [2009.07.14 01:13:35 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData004a.dll [2009.07.14 01:13:35 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0049.dll [2009.07.14 01:13:35 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0020.dll [2009.07.14 01:13:34 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData004e.dll [2009.07.14 01:13:34 | 001,811,968 | ---- | C] () -- C:\Windows\System32\NlsData002a.dll [2009.07.14 01:13:33 | 005,071,872 | ---- | C] () -- C:\Windows\System32\NlsModels0011.dll [2009.07.14 01:13:33 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0002.dll [2009.07.14 01:13:32 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData001d.dll [2009.07.14 01:13:32 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0026.dll [2009.07.14 01:13:31 | 004,888,576 | ---- | C] () -- C:\Windows\System32\NlsData0009.dll [2009.07.14 01:13:31 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0024.dll [2009.07.14 01:13:30 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData001b.dll [2009.07.14 01:13:28 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData004c.dll [2009.07.14 01:13:27 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0045.dll [2009.07.14 01:13:25 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData081a.dll [2009.07.14 01:13:25 | 001,811,968 | ---- | C] () -- C:\Windows\System32\NlsData0022.dll [2009.07.14 01:13:24 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0c1a.dll [2009.07.14 01:13:23 | 
004,509,696 | ---- | C] () -- C:\Windows\System32\NlsData0019.dll [2009.07.14 01:13:22 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0046.dll [2009.07.14 01:13:22 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0018.dll [2009.07.14 01:13:21 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData0416.dll [2009.07.14 01:13:20 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData0816.dll [2009.07.14 01:13:20 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData0414.dll [2009.07.14 01:13:20 | 002,670,592 | ---- | C] () -- C:\Windows\System32\NlsData0011.dll [2009.07.14 01:13:20 | 001,979,392 | ---- | C] () -- C:\Windows\System32\NlsData0027.dll [2009.07.14 01:13:19 | 004,507,648 | ---- | C] () -- C:\Windows\System32\NlsData0010.dll [2009.07.14 01:13:19 | 001,811,968 | ---- | C] () -- C:\Windows\System32\NlsData003e.dll [2009.07.14 01:13:18 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0039.dll [2009.07.14 01:13:18 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData000f.dll [2009.07.14 01:13:15 | 003,116,544 | ---- | C] () -- C:\Windows\System32\NlsData0047.dll [2009.07.14 01:13:14 | 010,240,512 | ---- | C] () -- C:\Windows\System32\NlsData000a.dll [2009.07.14 01:13:12 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData001a.dll [2009.07.14 01:13:11 | 001,977,856 | ---- | C] () -- C:\Windows\System32\NlsData0003.dll [2009.07.14 01:13:10 | 001,811,968 | ---- | C] () -- C:\Windows\System32\NlsData0021.dll [2009.07.14 01:13:09 | 002,654,208 | ---- | C] () -- C:\Windows\System32\NlsData000c.dll [2009.07.14 01:13:09 | 002,255,360 | ---- | C] () -- C:\Windows\System32\NlsData0007.dll [2009.07.14 01:13:08 | 002,353,152 | ---- | C] () -- C:\Windows\System32\NlsData000d.dll [2009.07.14 01:13:07 | 002,609,664 | ---- | C] () -- C:\Windows\System32\NlsData0001.dll [2009.07.14 01:13:06 | 003,476,480 | ---- | C] () -- C:\Windows\System32\NlsData0013.dll [2009.07.14 01:11:38 | 006,103,040 | ---- | C] () -- 
C:\Windows\System32\chtbrkr.dll [2009.07.14 01:08:20 | 002,291,712 | ---- | C] () -- C:\Windows\System32\MSVidCtl.dll [2009.07.14 01:07:34 | 002,311,168 | ---- | C] () -- C:\Windows\System32\wpdshext.dll [2009.07.14 01:04:42 | 009,053,696 | ---- | C] () -- C:\Windows\System32\mmres.dll [2009.07.14 01:02:39 | 002,689,024 | ---- | C] () -- C:\Windows\System32\mstscax.dll [2009.07.14 00:58:02 | 002,515,968 | ---- | C] () -- C:\Windows\System32\dbgeng.dll [2009.07.14 00:53:28 | 002,130,944 | ---- | C] () -- C:\Windows\System32\networkmap.dll [2009.07.14 00:53:22 | 002,494,464 | ---- | C] () -- C:\Windows\System32\netshell.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:46:51 | 002,969,600 | ---- | C] () -- C:\Windows\System32\UIHub.dll [2009.07.14 00:45:25 | 002,202,624 | ---- | C] () -- C:\Windows\System32\SensorsCpl.dll [2009.07.14 00:43:16 | 002,983,424 | ---- | C] () -- C:\Windows\System32\UIRibbon.dll [2009.07.14 00:42:45 | 001,792,000 | ---- | C] () -- C:\Windows\System32\authui.dll [2009.07.14 00:42:24 | 020,268,032 | ---- | C] () -- C:\Windows\System32\imageres.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.14 00:42:07 | 004,240,384 | ---- | C] () -- C:\Windows\System32\GameUXLegacyGDFs.dll [2009.07.14 00:41:02 | 002,576,384 | ---- | C] () -- C:\Windows\System32\gameux.dll [2009.07.14 00:40:51 | 002,157,056 | ---- | C] () -- C:\Windows\System32\themecpl.dll [2009.07.14 00:40:37 | 002,146,304 | ---- | C] () -- C:\Windows\System32\SyncCenter.dll [2009.07.14 00:39:20 | 002,755,072 | ---- | C] () -- C:\Windows\System32\themeui.dll [2009.07.14 00:32:34 | 002,340,864 | ---- | C] () -- C:\Windows\System32\msi.dll [2009.07.14 00:31:05 | 002,151,936 | ---- | C] () -- C:\Windows\System32\mmcndmgr.dll [2009.07.14 00:29:40 | 001,826,816 | ---- | C] () -- C:\Windows\System32\d3d9.dll [2009.07.14 00:23:57 | 006,278,656 | ---- | C] () -- 
C:\Windows\System32\DDORes.dll [2009.07.14 00:17:44 | 008,338,432 | ---- | C] () -- C:\Windows\System32\spwizimg.dll [2009.07.14 00:11:07 | 002,217,536 | ---- | C] () -- C:\Windows\System32\bootres.dll [2009.07.13 23:11:11 | 005,070,848 | ---- | C] () -- C:\Windows\System32\AuthFWSnapin.dll [2009.06.10 22:41:36 | 002,134,016 | ---- | C] () -- C:\Windows\System32\msmpeg2vdec.dll [2009.06.10 22:17:55 | 003,100,160 | ---- | C] () -- C:\Windows\System32\drivers\evbdx.sys ========== LOP Check ========== [2010.12.20 15:47:43 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\ACD Systems [2011.01.23 12:17:12 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Anthropics [2011.01.23 11:55:45 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\BitTorrent [2011.01.13 14:34:22 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Canneverbe Limited [2011.01.20 19:41:58 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.01.03 09:47:52 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\EditPlus 3 [2011.01.09 10:07:23 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\FreeMoviesToDVD [2010.12.22 10:44:25 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\JGsoft [2011.01.20 14:26:29 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin [2011.01.23 16:27:41 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Muwy [2011.01.13 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\OpenCandy [2010.12.22 10:23:48 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\OpenOffice.org [2011.01.23 16:24:30 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Simply Super Software [2011.01.20 14:29:40 | 000,000,000 | ---D | M] -- C:\Users\Piia - 
Muckelchen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.01.16 18:42:55 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\VSO [2011.01.24 15:40:28 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Vuopse [2011.01.23 12:22:04 | 000,000,000 | ---D | M] -- C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye [2009.07.14 05:53:46 | 000,007,180 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.24 15:43:59 | 000,000,316 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.01.24 15:39:07 | 000,000,270 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011.01.24 11:16:50 | 000,000,316 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
24.01.2011, 16:16 | #7 |
/// Malware-holic | Win Explorer keeps crashing under Win 7/cleansweep.exe?
1. Right-click the Avira umbrella, deactivate Guard.
2.
• Please start OTL.exe
• Now copy the following into the text box.

:OTL
PRC - C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe (Adobe Flash Player)
PRC - C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe (Adobe Flash Player)
PRC - C:\Windows\Crahea.exe (Adobe Flash Player)
O4 - HKU\S-1-5-21-2881098273-3420571134-2651252604-1000..\Run: [JP595IR86O] C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe (Adobe Flash Player)
[2011.01.23 11:37:04 | 000,201,728 | ---- | C] (Adobe Flash Player) -- C:\Windows\Crahea.exe
[2011.01.24 15:43:59 | 000,000,316 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.24 15:39:07 | 000,000,270 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
:Files
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe
C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye
C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin
C:\cleansweep.exe\
C:\mute
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Right-click the Avira umbrella, deactivate Guard.
Open Computer, C:, then _OTL; there right-click on moved files and choose add to moved files.rar or zip.
Upload the archive in our upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html
Activate Avira.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
24.01.2011, 16:29 | #8 |
| Win Explorer keeps crashing under Win 7/cleansweep.exe?
All processes killed
========== OTL ==========
No active process named Cp2.exe was found!
Process Cp1.exe killed successfully!
No active process named Crahea.exe was found!
Registry value HKEY_USERS\S-1-5-21-2881098273-3420571134-2651252604-1000\Software\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O deleted successfully.
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe moved successfully.
C:\Windows\Crahea.exe moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
========== FILES ==========
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe moved successfully.
File\Folder C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe not found.
C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye folder moved successfully.
C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin folder moved successfully.
C:\cleansweep.exe folder moved successfully.
C:\mute folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 41620 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Piia - Muckelchen
->Flash cache emptied: 49152 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Piia - Muckelchen
->Temp folder emptied: 139738715 bytes
->Temporary Internet Files folder emptied: 62107322 bytes
->Java cache emptied: 414571 bytes
->FireFox cache emptied: 90160289 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8827074 bytes
RecycleBin emptied: 11506811458 bytes
Total Files Cleaned = 11.261,00 mb
OTL by OldTimer - Version 3.2.20.5 log created on 01242011_162003
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
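Added example (not part of the thread and not OTL's own code): a Python script that cross-checks the paths named in the fix script of post #7 against the result log of post #8 and reports every path the log never confirms as moved. Matching ignores case and a trailing backslash, because the script and the log differ on both; the placeholder path is constructed to show the unconfirmed case.

```python
import re

# TARGETS: paths named in the fix script (post #7). LOG: path lines of its result (post #8).
TARGETS = [
    r"C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe",
    r"C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe",
    r"C:\Windows\Crahea.exe",
    r"C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job",
    r"C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job",
    r"C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye",
    r"C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin",
    "C:\\cleansweep.exe\\",
    r"C:\mute",
    r"C:\constructed\placeholder.bin",  # constructed, not from the thread
]
LOG = r"""C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe moved successfully.
C:\Windows\Crahea.exe moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
C:\Users\PIIA-M~1\AppData\Local\Temp\Cp2.exe moved successfully.
File\Folder C:\Users\PIIA-M~1\AppData\Local\Temp\Cp1.exe not found.
C:\Users\Piia - Muckelchen\AppData\Roaming\Ydlye folder moved successfully.
C:\Users\Piia - Muckelchen\AppData\Roaming\Leisin folder moved successfully.
C:\cleansweep.exe folder moved successfully.
C:\mute folder moved successfully."""
MOVED = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")
MISSING = re.compile(r"^File\\Folder (.+) not found\.$")

def norm(path):
    return path.rstrip("\\").lower()

def outcomes(log):
    """Map each normalised path to the outcomes the log reports for it."""
    seen = {}
    for line in log.splitlines():
        for rx, label in ((MISSING, "not found"), (MOVED, "moved")):
            m = rx.match(line.strip())
            if m:
                seen.setdefault(norm(m.group(1)), []).append(label)
    return seen

def unconfirmed(targets, log):
    """Targets the log never reports as moved, with what it did report."""
    seen = outcomes(log)
    hits = {t: seen.get(norm(t), []) for t in targets}
    return {t: got for t, got in hits.items() if "moved" not in got}

if __name__ == "__main__":
    for path, got in unconfirmed(TARGETS, LOG).items():
        print(path, "->", got or "no log line")
```

Cp1.exe appears in the log both as moved and as not found, because the :OTL section had already moved it before the :Files section ran; the check therefore treats a path as handled as soon as one "moved" line exists for it.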
24.01.2011, 16:43 | #9 |
/// Malware-holic | Win Explorer keeps crashing under Win 7/cleansweep.exe? Do you do online banking or make purchases?
24.01.2011, 17:14 | #10 |
| Win Explorer keeps crashing under Win 7/cleansweep.exe? Yes, mostly banking, why? |
24.01.2011, 17:21 | #11 |
/// Malware-holic | Win Explorer keeps crashing under Win 7/cleansweep.exe? OK. 1. Have your online banking access blocked immediately; your data has been spied out. 2. After that you have to back up your data and we will set about reinstalling the system, otherwise you can no longer do online banking on this PC.
24.01.2011, 17:42 | #12 |
| Win Explorer keeps crashing under Win 7/cleansweep.exe? Okay, and how exactly do we back up the data now? Are there tools or something similar for that, since some data such as photos is extremely important to me? |
24.01.2011, 17:50 | #13 |
/// Malware-holic | Win Explorer keeps crashing under Win 7/cleansweep.exe? No, simply burn it to CD, or copy it to an external hard drive or a USB stick. By the way, if your data is that important, you should have a backup of it anyway. What will you do if your hard drive breaks one day? A repair costs several hundred €, which for most people means the data is then gone.